Following the recent high-profile ransomware attack on the Washington D.C. Metropolitan Police Department, two more similar incidents have now surfaced, one of which has been officially acknowledged by the victimized entity. In both cases, the result is a catastrophic leak of highly sensitive data and documents relating to police investigations, personnel, suspects, citizens, informants, incriminating evidence, secret agent identities, and all kinds of material that police departments would rather keep away from the public sphere.
First, there’s the Azusa Police Department in California, a force serving a population of 50,000 people. In a recent press release, the department admitted having suffered a ransomware attack that resulted in the compromise of sensitive data. The types of exposed data include Social Security numbers, driver's license numbers, California identification card numbers, passport numbers, military identification numbers, financial account information, medical information, health insurance information, and/or information or data collected through the use or operation of an automated license plate recognition system.
Citizens of Azusa are urged to remain vigilant against incoming communications, obtain regular copies of their credit reports, and immediately report anything suspicious to the police. The attack actually occurred back in March 2021, but the threat actors went public about it a month later when they decided to dump police records, investigation details, and patrol officer reports.
The second case concerns the Clearfield Borough Police Department in Pennsylvania, which is currently listed as a victim on the “MarketoLeaks” extortion portal. The actors have posted a mocking message on the Tor site, offering an ‘evidence pack’ of 247GB, allegedly exfiltrated during the cyber-attack against the department.
Clearfield Police has not confirmed any attack against it, but the data pack shared by the crooks appears to contain the promised details. We have reached out to the department Chief asking for a comment on this, and we will update the piece as soon as we hear back.
This is yet another example of why entities that handle extremely sensitive data should always store it in encrypted form. That way, even if an intrusion takes place, which is really a question of when rather than if, the exfiltrated data will be useless to the attacker, and the damage from exposure will be mitigated. This only holds if the encryption keys are kept separate from the data and out of the intruder's reach; an attacker who has taken over the system that holds both the data and its keys can decrypt everything just as the legitimate application does.