IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Info of More Than 2,000 Modesto Employees Potentially Hacked

The personal information of 2,280 current and former employees of the California city may have been accessed in the recent ransomware attack on the Police Department's IT network.

(TNS) — The personal information of 2,280 current and former Modesto employees may have been accessed in the recent ransomware attack on the Police Department's IT network.

The information may include names, addresses, Social Security and driver's license numbers, medical information in work status reports and state-issued identification numbers, according to letters the city sent in early March to the current and former employees.

The city has about 1,200 employees, with about 300 of them working for the Police Department.

Modesto Chief Information Officer Scott Conn provided the City Council — and the public — on Tuesday the city's most detailed account about the Feb. 3 ransomware attack, though the cybercriminals had been in the network snooping around since Jan. 31 before launching their attack.

Ransomware is a type of malicious software, or malware, that hackers use to infect and hobble a computer or computer network until a ransom is paid.

The crooks typically gain access through a type of email called phishing and through servers connected to the internet without adequate security. A phishing email can have a link with malware software in it. The malware is activated when someone clicks on the link.

Conn told council members that city employees were not responsible for the security breach. He blamed one of the city's vendors.

"What council needs to know is that through no act of a city of Modesto staff member or employee did this breach occur," he said. "Nobody clicked on anything bad. ... It turns out one our trusted vendors got compromised outside of our system, and their user account captured.

"And they just happened to use the same user name and password to get into systems they are supposed to maintain at the city of Modesto. So it was an actual vendor of ours that got hacked and allowed the penetration of our Police Department to occur."

Conn did not say in his presentation to the council whether the city had any responsibility in preventing the hackers from gaining access through the vendor. But when asked by Councilman Chris Ricci how Modesto could prevent the same type of breach from happening again, Conn said the city has taken measures to prevent that.

City spokesman Andrew Gonzales said in a text message that Modesto would not provide the name of the vendor.

Conn said Modesto refused to pay a ransom. "We did not pay one red cent to these people," he said. "They asked. We didn't pay."

But Councilman Nick Bavaro asked Conn about the price the 2,280 current and former city employees would pay if their personal information is misused.

Conn said Modesto has offered them one year of free credit monitoring, though he said just 4% have signed up for the service. Conn acknowledged this is a "terrible situation" for the current and former employees and the city is "truly sorry."

Hackers claim responsibility

Gonzales, the city spokesman, said in an interview that Modesto has not received any reports of these current and former employees having their personal information misused.

A ransomware group named snatch has claimed responsibility for the attack and has posted on its website 15 files that it claims contain information from Modesto.

Ransomware attacks can target more than Social Security numbers and other personal information. Ransomware groups have released child abuse allegations, the names of confidential informants and investigations on the internet.

Modesto has not said whether its ransomware attackers may have accessed other information in addition to the personal information of current and former employees.

And while Modesto did not pay a ransom, the cyberattack may cost the city more than $1 million for expert help in recovering from it and for "additional security detection and prevention tools that may have deterred the attacker," according to a city report.

The City Council at its Tuesday meeting voted 7-0 to approve the spending.

The spending includes as much as $586,645 for the expert help and as much as $497,000 annually for security detection and prevention software tools. A city report states the IT Department had planned to ask the council to approve the purchase of security tools before the ransomware attack.

Modesto anticipates it will be reimbursed by its cybersecurity insurance provider for the cost of the expert help, less the city's $100,000 deductible.

The city report does not name the firms that provided the expert help and the software tools. It cites California Government Code section 7929.210(a) in not doing so. The section exempts disclosure of information that if released would increase the potential for an attack on a public agency's IT system.

The report states the experts who helped the city and the the security detection and prevention firms "provide such narrow, specialized services" that naming them "would necessarily identify a specific vulnerability" in the city's IT network.

MPD disconnected from internet

Conn told council members that Modesto responded to the cyberattack within an hour.

He said the city essentially disconnected the Police Department from the internet and from its connections with other networks, including the Sheriff's Department and District Attorney's Office, "so we would not be the ones who infected them."

The ransomware attack meant police officers could not use their laptops in their patrol vehicles as well as other technology that they and other Police Department employees rely upon.

Conn said the city developed workarounds so there was no interruption in city services. And Police Chief Brandon Gillespie has said the department provided extra staffing at the Stanislaus Regional 911 dispatch center to provide patrol officers with information they ordinarily would access through their laptops.

Conn said Modesto restored critical infrastructure within three weeks and restored 95% of the Police Department's IT network within five weeks.

He said the city response and recovery time were remarkable. Conn said that was due to such factors as the city implementing recommendations from a security audit from mid 2021, developing relationships with cybersecurity experts and practicing how to respond to a cyberattack.

Officials from the agencies that helped Modesto in the ransomware attack, including the FBI, the CHP Computer Crimes Investigations Unit and the California Cybersecurity Integration Center, also spoke at Tuesday's council meeting and praised the city for its response.

© 2023 The Modesto Bee (Modesto, Calif.). Distributed by Tribune Content Agency, LLC.