California state worker union data breach

California's largest state workers union suffered a ransomware attack that led to the possible exposure of sensitive personal information such as Social Security numbers, residential addresses and dates of birth. SEIU Local 1000, which represents about 96,000 state workers, originally reported a “network failure” on Jan. 20, followed by formal confirmation two days later.

Details and investigation of the computer intrusion

Following the incident, the union released an official statement confirming the data breach but remaining vague on the details of the compromised data. This cybercriminal act is currently being handled in concert with law enforcement, whose identities were not disclosed by union spokesman Jim O'Donnell, who also stated that the extent of the crime is still being determined. data exposure.

The modus operandi of the "LockBit 3.0" ransomware

Brett Callow, a threat analyst at cybersecurity company Emisoft, identified the group responsible for the attack as "LockBit 3.0", explaining how such actors first steal a copy of the data and then encrypt the systems involved. Callow revealed that the syndicate was targeted for a total of 308 gigabytes of sensitive data, with an image of the hackers' darknet site involving the capture of personal data including phone numbers and other private information.

The consequences of the ransomware and the Syndicate's response

Despite the presence of a ransom, O'Donnell would not comment on whether it had been paid. SEIU Local 1000, through a statement, assured that a forensic investigation is underway to assess the level of unwanted access to personal data. If confirmed, affected individuals will be notified via mail.