DC’s Department of Insurance, Securities and Banking client data breached, Tyler Technologies says
WASHINGTON (DC News Now) — Tyler Technologies said in late March, it discovered a data breach to its securities data which affected a D.C. agency.
Tyler Technologies hosts data for a multitude of companies, including D.C.’s Department of Insurance, Securities and Banking’s (DISB) STAR system client data.
“Tyler discovered unauthorized activity in an isolated segment of a private cloud hosting environment that stored limited STAR system client data,” a statement on the company’s website read.
The technology company said it took the system offline and has been working in “close contact” with those who were affected by the breach.
It has since launched an investigation into what happened and found that “a threat actor encrypted the system” and took the data.
According to VenariX, a company that monitors global security incidents, the attack may have exposed personal information such as first and last names, confidential business data and email addresses.
Screenshots reviewed by DC News Now show an upload to an unknown website from a threat actor called Lockbit 3.0 on April 13, threatening to release hundreds of gigabytes of financial documents if a deal wasn’t met by Friday, April 19.
DC welcomes first of 5 Throne bathrooms
“Lockbit’s been a long time ransomware as a service. Sort of cyber exploitation gang. They focus on using ransomware to sort of breach different networks worldwide, usually business networks, so that they can essentially hold your data for hostage and either disrupt your sort of communication systems or force you to pay them their ransom or they’ll distribute the data online,” said Kevin O’Connor, director of threat research and response with Adlumin.
“A bad negotiator disappeared at the end of the deal so we are starting to release huge amount of sensitive data starting with a one gigabyte sample data,” an updated notice on Thursday said.
It goes on to threaten releasing 800 GB of documents from the DISB, SEC and Delaware banking institutions.
The hackers said if the deal isn’t finalized by Tuesday, April 23, “Brace for economy impact.”
“It’s the Department of Insurance. So they’ll have information from business insurance as well as personal insurance throughout the District,” O’Connor said. “There’s a lot of tax documents and stuff I’m sure that will be included in this type of dump. But really, what ends up being the most damaging are the emails and stuff that are leaked.”
Planes almost collide at Reagan National Airport; FAA investigating
O’Connor said it’s not just corporate financial data that could be leaked.
“The individual D.C. resident should be concerned about their PII, that personally identifiable information being leaked, things like Social Security numbers tied to your name, your birthday address, and other identifiable details,” O’Connor said.
For more information, click here.
For the latest news, weather, sports, and streaming video, head to DC News Now | Washington, DC.
