Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

Suffolk cyber hackers accessed ‘personal information,’ county says | #itsecurity | #infosec | #hacking | #aihp


Suffolk County officials have acknowledged for the first time that hackers who breached county computer systems had accessed “personal information,” and urged residents to monitor their accounts and credit reports closely.

In a notice posted on its temporary webpage on Wednesday, the county said, “we believe that the threat actors accessed and/or acquired certain personal information from one or more County agency servers.”

The notice said Suffolk had “promptly hired multiple cybersecurity firms to conduct an examination to protect employees and residents as well as restore online services.”

While the county disclosed no details about the personal information accessed by hackers, the notice contained the first confirmation since the “cyber intrusion” was disclosed that hackers had obtained personal information.

PROTECTING YOURSELF

Suffolk County recommends residents take the following steps to detect suspicious activity involving their accounts and credit reports:

  • Review accounts and credit reports. Search for things such as an incorrect Social Security number, accounts you did not open or charges you did not make. If you see suspicious activity, report it to law enforcement.
  • Place a fraud alert on your credit. If you suspect fraud, contact call one of the three major credit reporting agencies: Equifax, Experian or TransUnion. A fraud alert conveys to anyone requesting your credit report that you suspect you may be a fraud victim. A fraud alert should not stop you from using existing credit cards or other accounts, but may slow your ability to get new credit.
  • Place a security freeze on your credit reports. Visit the New York Department of State Division of Consumer Protection website dos.nysits.acsitefactory.com/consumer-protection to place a security freeze on credit reports. A security freeze prevents most potential creditors from viewing your credit reports and therefore further restricts the opening of unauthorized accounts.

Source: suffolkcountyny.gov

“The protection of personal information is a top priority of the county and we will notify directly any individual whose data may have been exposed and offer free identity theft protection services.” Suffolk County Executive Steve Bellone told Newsday in a statement Thursday,

Suffolk County took down its web-based applications and websites on Sept. 8 in an effort to protect data after discovery of malware in county systems.

A week later, a group took responsibility for the attack in a posting on the dark web, and leaked several county documents it said it had acquired.

Documents published by the alleged attackers included speeding tickets and court records on which the names of defendants and information about them were visible, and a handwritten marriage license from 1908.

The group later updated the post to say they were seeking a “small reward” for finding vulnerabilities in the county’s systems.

County officials have not disclosed whether the group has demanded a dollar amount.

Officials have not provided a timeline for when computer systems may be restored.

Marykate Guilfoyle, a spokesperson for Bellone, told Newsday the county has crime protection insurance against hackers who attempt to transfer funds to unauthorized accounts.

However, Suffolk does not have a cyber insurance policy to cover the cost of investigating the intrusion, rebuilding any systems or paying any associated ransom, Guilfoyle said. 

Guilfoyle said the county has spent $6.5 million on cybersecurity measures since 2019, and has been collaborating with the New York State Association of Counties to explore the possibility of obtaining cyber insurance.

A 2022 survey conducted by the association, which advocates on behalf of New York’s 62 counties, found 21 of 26 counties that responded had some form of stand-alone cybersecurity insurance, association Deputy Director Mark LaVigne told Newsday.

Suffolk was among the counties that reported having no such insurance, LaVigne said,

Nassau County did not respond to the survey, LaVigne said.

On Thursday, Nassau County spokesperson Christopher Boyle told Newsday the county has no cybersecurity insurance.

However, Nassau County Executive Bruce Blakeman met with homeland security and other professionals four months ago, and “began an RFP process for an outside vendor to make sure our critical cyber infrastructure is protected,” Boyle said in a statement.

“We expect to make an announcement about the chosen vendor soon,” Boyle said.

LaVigne and state Association of Counties Executive Director Steve Acquario said Thursday that cybersecurity insurance premiums have tripled in the past several years while requirements for underwriting them have become more burdensome.

“It’s an open question as to whether or not a local government can and should have cyber insurance,” Acquario told Newsday. “There’s pros. And there’s cons.”

Premiums can run from about $50,000 per year to hundreds of thousands of dollars, LaVigne and Acquario said.

Guilfoyle said Suffolk County contracted with Palo Alto Networks, a global cybersecurity firm, in 2018 to assess the security risks to its computer network.

In 2019, Suffolk contracted with Redland Strategies, a Manhattan company that provides emergency management planning and crisis communication services, to conduct a tabletop security exercise with all county commissioners to evaluate network weaknesses and develop responses to cyber incidents, Guilfoyle told Newsday.

Yet experts said organizations can apply best practices and still be at risk for cyberattack.

“I believe that Suffolk is one of the most cyber-prepared counties, if not the most prepared county in the state of New York, perhaps the nation and yet it was the target of a terrorist breach of a very secure system,” Acquario said.

“That act shows that we are vulnerable,” he said.

With Candice Ferrette

Correction: Suffolk County officials have not provided a timeline for when computer systems may be restored. A previous version of this story misstated the status of the issue.

Click Here For The Original Source.


————————————————————————————-

Translate

Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish