[BreachExchange] Pensacola to pay for ID monitoring for 60, 000 people following cyberattack

Destry Winant destry at riskbasedsecurity.com
Tue Dec 24 10:17:20 EST 2019


https://www.pnj.com/story/news/2019/12/23/pensacola-pay-id-monitoring-60-000-people-following-cyberattack/2735249001/

Pensacola is offering to pay for identity protection monitoring for up
to 60,000 people following a cyberattack on the city's systems earlier
this month.

Pensacola Mayor Grover Robinson said he made the decision after talks
with Deloitte, the international professional services company the
city hired for $140,000 to perform an audit of the city's
cybersecurity and review how the cyberattack occurred.

"At this particular time, we don't know if any of our sensitive data
got out, but we do know that there is some data that was acquired by
the people that hacked us," Robinson said.

Robinson said the city will send out notifications to those who may
have had data exposed, which could include active city employees,
pensioners, active customers with online accounts with the city or
Pensacola Energy and housing clients. The list is estimated at 60,000
people, Robinson said.

"These are our most important people, our employees are active
customers, our pensioners, our housing clients, we felt like we needed
to protect them," Robinson said.

Robinson said the city had no evidence that anyone's personal
information was compromised, but he made the decision to notify people
because he believed it was the right thing to do.

"We don't want anybody to feel like there's something unsafe here with
the city of Pensacola," Robinson said. "We believe that those things
weren't broken into, but we won't know that for a couple more weeks.
We do know that some information was obtained by the individuals
(attackers)."

The cost for the identification monitoring will be between $150,000 to
$180,000, which will be paid out of the city's self-insurance fund,
Robinson said.

Notifications will be sent out via mail no later than Jan. 5, city
spokeswoman Kaycee Lagarde said.

The city was hit by what is known as a ransomware attack in the early
hours of Dec. 7. Ransomware is a type of software that infects
computers by encrypting data and prevents access until a ransom is
paid to the attackers.

City IT staff shut down the city's computer network to prevent the
attack from spreading, which shut down online services and the city's
phone and email systems for several days.

The city has been able to restore its systems, but IT staff had to
screen each individual city-owned computer to ensure it was free on
the ransomware before reconnecting it to the network.

Governments have become an increasing target of ransomware groups with
103 state and municipal governments and agencies attacked by
ransomware in the U.S. in 2019 alone, according to a report from the
cybersecurity company Emsisoft.

A cybercriminal group known as Maze is claiming to be behind the
attack on the city and has threatened to publish private data if a
ransom is not paid. A county email with a briefing from the Florida
Department of Law Enforcement released a few days after the attack
also tied the attack to the Maze group.

The group created a public website last week listing the city and at
least 20 other organizations it has attacked who don't "wish to
cooperate with us and trying to hide our successful attack on their
resources."

Brett Callow, a spokesman for Emsisoft, told the News Journal there is
no way to know for sure if the group claiming the attack are the
actual attackers, but said the public list revealed a previously
undisclosed attack on a Canadian company, Andrew Agencies. The company
acknowledged the attack occurred to the Canadian Broadcasting
Corporation after the list was published.


More information about the BreachExchange mailing list