Washington (DC News Now) — Tyler Technologies announced in late March that it had discovered a data breach of securities data affecting its DC agency.
Tyler Technologies hosts data for numerous companies, including customer data from the DC Department of Insurance Securities and Banking (DISB)'s STAR system.
“Tyler discovered unauthorized activity in an isolated segment of a private cloud hosting environment that stores limited STAR Systems client data.” statement Read on the company's website.
The technology company said it has taken its systems offline and is working “in close contact” with those affected by the breach.
They then began investigating what happened and found that “an attacker encrypted the system” and exfiltrated the data.
according to Venari Xis a company that monitors security incidents worldwide, and the attack may have exposed personal information such as names, sensitive business data, and email addresses.
Screenshots seen by DC News Now show a threat actor called Lockbit 3.0 uploaded to an unknown website on April 13th, and if no deal is reached by Friday, April 19th. Threatened to release hundreds of gigabytes of financial documents.
“Lockbit has long been a ransomware-as-a-service organization. They are a type of cyber exploitation group that focuses on using ransomware to infiltrate various networks (usually business networks) around the world. “They can essentially hold a user's data hostage, jam their communications system, force them to pay a ransom, or distribute their data online,” said Kevin, Director of Threat Research and Response.・Mr. O'Connor said. admin.
“Since a bad negotiator disappeared at the end of his contract, we will begin releasing large amounts of sensitive data, starting with a 1 gigabyte sample of data,” Thursday's update notice said.
Additionally, they threatened to release 800GB of documents from DISB, SEC, and Delaware banking institutions.
The hackers say they are “preparing for the economic fallout” if a deal is not reached by Tuesday, April 23.
“It's the Department of Insurance. So we'll have information from personal insurance as well as commercial insurance across the district,” O'Connor said. “I'm sure this kind of dump would include a lot of tax documents, etc. But in reality, it's things like leaked emails that end up being the most damaging.”
O'Connor said it's not just corporate financial data that could be exposed.
“Individual D.C. residents should be concerned about their PII, or personally identifiable information, being compromised, such as their name, birth address, or Social Security number associated with other personally identifying details. '' O'Connor said.
Click here for more information here.