"Beginning next week, the City of Modesto will begin notifying individuals via U.S. mail that may have been impacted by this unauthorized access and provide them with complimentary credit monitoring services," according to a city news release.
The release states the city's investigation "determined that a limited amount of information was accessed during this incident."
City spokesman Andrew Gonzales said in a Thursday interview the city would not say how many people may have had their personal information accessed, whether they work for the city or are members of the public, how the ransomware accessed the Police Department's network and many other details.
"To maintain the integrity of the investigation," he said, "we are limited on what we can say."
But Gonzales repeated what the city had said previous statements that the incident never put the public at risk or disrupted the city's ability to provide services, including responding to 911 calls.
Ransomware is a type of malicious software, or malware, that hackers use to infect and hobble a computer or computer network until a ransom is paid or other demands are met. Gonzales said Modesto did not pay a ransom but declined to say the amount or nature of the ransom.
He said Modesto disconnected its Police Department's digital network from the rest of the city's network. He said only the Police Department's network was affected by the incident. He confirmed Modesto noticed the suspicious activity on the Police Department's network Feb. 3.
The city only confirmed that it had detected suspicious activity on its digital network Feb. 8 after The Bee inquired about the matter. The statement the city issued then had few details.
When asked Thursday why the city did not acknowledge the breach sooner and without the inquiry from the newspaper, Gonzales cited the need to maintain the integrity of the investigation.
Relying on multiple anonymous sources with direct knowledge of the incident, The Bee reported Feb. 9 that the Police Department was the victim of ransomware. The attack meant the laptops in patrol vehicles did not work along with other information technology.
Modesto worked with cybersecurity experts and law enforcement in dealing with this attack. But citing the integrity of the investigation, Gonzales declined to name them.
The news release states that because of the city's preparation for such an event as well as the quick response of the city's IT staff, it was able to contain the threat in a short amount of time.
©2023 The Modesto Bee, Distributed by Tribune Content Agency, LLC.
