Southampton County in Virginia, US, recently warned individuals that their personal identifiable information (PII) might have been stolen in a ransomware attack.
According to a letter sample published last week, a cyber-criminal accessed a single server at Southampton and encrypted it on September 06, 2022.
“Upon discovering the incident, our IT team promptly took the appropriate steps to contain the incident,” said the County. “To ensure the safety of our community’s systems, we also engaged with leading outside security experts to conduct a thorough review of our environment.”
The County added that it notified the FBI Cyber Crimes Division, the Virginia State Police and the Virginia Fusion Center and is supporting law enforcement in their efforts to bring the criminals to justice.
“We were able to recover from this matter and successfully prevent this incident from impacting any of our critical operations. However, thereafter the cyber criminal claimed that they took sensitive data from the server,” reads the letter.
In particular, a W-2 form had been published on a dark web forum with the criminal claiming that they obtained sensitive data from the encrypted Southampton server, including archived County information.
“This caused us to review the server in question to determine any personal information contained on it,” explained the County.
Generally speaking, the County found no conclusive evidence that the cyber-criminal successfully removed individuals’ personal information from Southampton’s server.
However, “out of an abundance of caution,” Southampton said they wanted to alert users and provide them with free credit monitoring solutions.
Still, the team is not ruling out that the attacker may have leaked some data.
“Based on this review, the types of personal information involved may have included your name, social security number, driver’s license number, and/or address.”
The news comes days after the US Attorney’s Office for the Eastern District of Virginia announced the seizing of seven domain names connected to a “pig butchering” cryptocurrency scam.