Florida Courts Bleed Data Following Supposed BlackCat Ransomware Assault
- By Steven
- Oct 12, 2023
Florida’s First Judicial Circuit hosts 33 courts in the Northwest of the state. The region serves over 1.4 million residents, most of whom live within areas heavily impacted by the military. Last week, the Florida Courts suffered a data breach, which halted operations across the district starting on October 2nd. In the last 72 hours, ransomware gang BlackCat has claimed responsibility for the assault—and may be holding the credentials for ransom.
How Did the Attack Occur?
Nuanced information about the data breach is not currently available. What is known is that there was a “technology security event” which resulted in the disturbance of court activities. The attack is under active investigation by multiple area experts, with the court promising updates as they occur. We cannot speculate how BlackCat accessed restricted areas; however, the hackers may not have breached all First District courthouses. Those living in Northwest Florida should confirm with their district court whether the attack impacted their data.
What Information was Viewed or Stolen?
As of this writing, the District Court does not know if the hackers gained access to personal data within records. Some reporting sources claim that BlackCat was able to steal employees’ Social Security Numbers and resumes. In contrast, a local news report claims most of the stolen information was already public access. BlackCat themselves purportedly obtained a comprehensive network map of the internal systems of the court, along with credentials to access it at any time. Due to the court’s investigation not yet completed, it is unknown if area residents have had their data stolen.
How Did Florida’s First District Court Admit to the Breach?
On October 2nd, BlackCat’s attack brought court operations to a standstill. That same day, court attendants reported the suspicious activity, and officials immediately launched multiple investigations. A week later, on October 9th, BlackCat posted a sample of their leaked content on their website; speculators consider this move a reaction to re-open ignored or avoided negotiations. This theory seems to align with the report published by local news, claiming the data was largely publicly accessible already.
What Will Become of the Stolen Information?
The lack of knowledge surrounding the stolen data hinders accurate speculation. If the attackers were to leverage the SSNs and resumes of employees, they could commit various frauds and impersonations; if they obtained a map of the networks, more public and employee credentials could be under threat; if they captured the internal details of active or archived court records, thousands could be at risk for credential exposure. It’s impossible to predict the future of the stolen data, but if BlackCat keeps it, they might use it for ransom.
What Should Affected Parties Do in the Aftermath of the Breach?
If the investigations determine the data theft included consumer information, they will notify the impacted individual. Alternatively, if it surfaces that the breach impacted only employees, consumers must still be cautious. Employee resumes can make more victims than other breaches because they can expose information about multiple companies and relationships; this means the court is not only under threat but also all businesses listed on those resumes.
At the same time, the individual may be at risk for victimization through financial and identity fraud. The only thing to do is to hire monitoring services before the data is exposed. (If expecting an upcoming court date, individuals must call their presiding judge and inquire about the updated court schedule.)