- Business in the age of AI: From economies of scale to ecosystems of success
- The best Black Friday gaming PC deals 2024: Early sales live now
- The best Black Friday streaming deals 2024: Early sales available now
- One of the best E Ink readers I've tested isn't made by Boox or Kobo
- The 10 best tech stocking stuffers people will actually want
PII May Have Been Stolen in Virginia County Ransomware Attack
Southampton County in Virginia, US, recently warned individuals that their personal identifiable information (PII) might have been stolen in a ransomware attack.
According to a letter sample published last week, a cyber-criminal accessed a single server at Southampton and encrypted it on September 06, 2022.
“Upon discovering the incident, our IT team promptly took the appropriate steps to contain the incident,” said the County. “To ensure the safety of our community’s systems, we also engaged with leading outside security experts to conduct a thorough review of our environment.”
The County added that it notified the FBI Cyber Crimes Division, the Virginia State Police and the Virginia Fusion Center and is supporting law enforcement in their efforts to bring the criminals to justice.
“We were able to recover from this matter and successfully prevent this incident from impacting any of our critical operations. However, thereafter the cyber criminal claimed that they took sensitive data from the server,” reads the letter.
In particular, a W-2 form had been published on a dark web forum with the criminal claiming that they obtained sensitive data from the encrypted Southampton server, including archived County information.
“This caused us to review the server in question to determine any personal information contained on it,” explained the County.
Generally speaking, the County found no conclusive evidence that the cyber-criminal successfully removed individuals’ personal information from Southampton’s server.
However, “out of an abundance of caution,” Southampton said they wanted to alert users and provide them with free credit monitoring solutions.
Still, the team is not ruling out that the attacker may have leaked some data.
“Based on this review, the types of personal information involved may have included your name, social security number, driver’s license number, and/or address.”
The news comes days after the US Attorney’s Office for the Eastern District of Virginia announced the seizing of seven domain names connected to a “pig butchering” cryptocurrency scam.