More than 2,000 residents in North Texas received letters notifying them that their personal information may have been compromised during a July cyberattack against the Cooke County Sheriff’s Office.
(TNS) — More than 2,000 letters were recently mailed out mostly to North Texans notifying them that their personal information might’ve been compromised during a July cyberattack, according to Cooke County Judge Jason Brinkley.
“Several people have called asking if the letters are real,” Brinkley said Tuesday, Aug. 18. “While I am glad people are that vigilant, the letters are real.”
Brinkley said notices were mailed early last week by a third-party service that is assisting in the notification process.
On July 4, a ransomware attack on the county’s information system for the Cooke County Sheriff’s Office resulted in the data breach of personal identification information, the Register previously reported.
Brinkley said much of the compromised data came from either CCSO reports or cases “going back several years.”
The CCSO was the only county department impacted by the attack.
Shortly after the data breach, ITWire, an Australian information technology news website, reported that attackers claimed to have used REvil ransomware to attack the Cooke County website. The attackers posted screenshots on the dark web — part of the Internet that requires specific software or authorization to access — showing what were said to be documents and data from the sheriff’s office, according to a previous Register report.
Screenshots from the attackers’ announcement about the hack showed data folders with filenames that appeared to reflect archived case files as well as current cases. The screenshots, provided by threat analyst Brett Callow with antivirus software company Emsisoft, also displayed a threat that the files would be uploaded in seven days, though Callow said it’s unclear what date that was counting from, according to the archived Register report.
REvil, used to refer both to the hacker group and the ransomware it uses, was first identified last year and is known to auction the data it steals, Callow previously told the Register.
Brinkley told the Register on Tuesday that the ransomware attackers appear to be based on foreign soil. A law enforcement investigation into the attack is ongoing, he said.
©2020 the Gainesville Daily Register, Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.