Hackers stole sensitive information in Torrance cyber attack.
Link to the article by Nick Green:
John Bailey, President
Southeast Torrance Homeowners' Association, Inc. (SETHA)
The March 1 cyberattack by a ransomware group cut off access to the city's
own website
By NICK GREEN | ngreen@scng.com | Daily Breeze
PUBLISHED: April 25, 2020 at 6:00 a.m. | UPDATED: April 25, 2020 at 9:32
a.m.
Torrance municipal officials have belatedly acknowledged that hackers stole
a huge trove of computer files containing sensitive personal information of
employees and “others,” that may have come from compromised city servers
during a cyberattack discovered last month, but have yet to inform those
whose data was taken.
“We sincerely apologize and regret any concern this incident may cause our
employees and others who interact with the city,” the city said in a press
release issued Thursday, April 23. “We are working hard to determine if this
information originated from our systems and will notify affected individuals
as soon as is reasonably possible.”
City Manager LeRoy Jackson later clarified via email that an on-going
criminal investigation “constrains what information can be made available.”
The March 1 cyberattack by a ransomware group cut off access to the city’s
own website, as well as municipal email accounts and also compromised the
city’s credit card payment system. That meant residents couldn’t pay such
things of utility bills and permit fees with plastic.
Brett Callow, a Canada-based threat analyst with anti-malware software
company Emisoft, said the cyberattack “represents a significant risk to both
the public and other organizations that have interacted with the city.
“This is an example of how not to handle a security incident,” Callow said
via email. “Torrance’s network was compromised by a ransomware group which
is known to steal data.
“In fact, the group’s ransom note actually states that the stolen data will
be made public unless the ransom is paid,” he added. “This incident should
have been treated and disclosed as a potential data breach from the outset.”
City officials have not detailed what information was stolen or how much.
But Callow said the amount of pilfered data online was vast.
“In total, there is more than seven gigabytes of data consisting of more
than 7,000 individual files,” he said. “The group claims to have stolen 200
gigabytes of data (containing) 250,000 individual files.”
Callow provided images to the Daily Breeze of a few files at random.
They included an arrest warrant and criminal investigation report issued by
the Torrance Police Department, city credit card account information and a
pay stub for a current city employee. The records contained social security
numbers, addresses, drivers license numbers and other personal information.
In a presentation to the City Council last Tuesday, Finance Director Eric
Tsao said “preliminary findings” into the security breach found no evidence
hackers had stolen anyone’s personal information.
However, that same day Tsao said the city learned stolen data had been
posted online, although he added it was unclear whether it actually came
from municipal servers.
“The data is also being reviewed by legal to assess whether the city has any
notification obligations,” Tsao’s presentation observed. He added that the
city’s servers had largely been restored.
However, Callow said affected people should be notified as quickly as
possible so they can take proactive steps to ensure their credit card and
other financial data remains secure.
The data can be used for identity theft or sold online, he said.
“We’ve seen data dumps such as this being sold and traded on the dark web,”
he said. “This is why it’s critical that incidents are disclosed as quickly
as possible.
“If individuals are kept in the dark,” he added, “they may only find out
their personal information has been compromised when they receive a
statement for a credit card they did not apply for.”
Comments