[BreachExchange] Hackers seek millions of dollars from City of Clearfield in cybersecurity breach

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Jul 21 11:43:00 EDT 2021


https://www.msn.com/en-us/news/us/hackers-seek-millions-of-dollars-from-city-of-clearfield-in-cybersecurity-breach/ar-AAMnaRo

The FBI has been notified and forensic insurance investigators are working
with Clearfield City after hackers got into city systems and are seeking
millions of dollars.

City manager JJ Allen says the hack happened last week, causing the city to
shut down its systems and call in its cybersecurity insurance team.

“Our IT personnel came in and shut everything down," he said.

System issues led IT to a demand letter from the hacker/s asking for
"millions of dollars," Allen said. The city did not pay it, and its
cybersecurity insurance provider took it from there. Clearfield shut all
its systems down, cutting phone service, requiring cash or check payments,
and prompting police and fire dispatch to use a spreadsheet to track
information.

As of Tuesday, most of the systems are back online. The city had system
backups for nearly everything, so getting the information back isn’t the
issue.

“There are two things at play. There’s that negotiation with the threat
actor, and then also the analysis by the forensic team of what data do they
actually have? What could they feasibly sell?” Allen said.

Allen says negotiations with the hacker are still happening, and the
insurance company is working to figure out what they have.

“We’re very fortunate that we don’t store any credit card information on
any of our servers, bank accounts and things like that,” Allen said.

But what they do contain is employee payroll information.

“So when the investigation is concluded and we know the details of what
information is truly at risk, then we will notify those people as required
by law. And our insurance coverage will provide the credit monitoring and
other fraud protection that is necessary in cases like this," Allen
explained.

Allen says employees were made aware and told to monitor their accounts for
any unusual activity.

“As far as the residents of the city, we really don’t hold any of that
information on our servers. So we feel pretty confident it couldn’t have
been compromised,” Allen said.

But the threat was first identified because the city’s dispatch system
slowed down. 2News asked, could the hacker have access to police documents
or court documents?

Allen agreed those files could contain personal information, "and that’s
one of those other areas beyond personnel that may have been more at risk,"
he said.

With the information he has right now, Allen wasn't able to say whether the
hack could have been prevented, but the city has been able to identify how
it happened.

"We feel pretty confident that we have identified how they came into our
system, and that was a hardware issue that we’ve resolved now," he said. "I
wish I could guarantee that we’ll always be one step ahead of the bad guys,
but I don’t know that anybody can guarantee that."

Negotiations with that threat actor are ongoing and the insurance
investigators have people in Clearfield working on this. People will be
notified and provided fraud monitoring if information was compromised, but
Allen doesn’t have a timeline for when that could be determined.