The US Government has been hacked by a new ransomware Gang this week.

The US Government has been compromised by a new ransomware gang. Is it time to consider that cybercrime is a public health threat?

United States – Metropolitan Police Department of the District of Columbia

Exploit: Ransomware

Metropolitan Police Department of the District of Columbia: Law Enforcement Agency

Risk to Business = Severe

The Babuk Locker ransomware gang claimed to have downloaded more than 250 GB of data from the DC Metropolitan Police servers. The gang posted sample data, including 576 pages of personnel files including full names, Social Security numbers, phone numbers, financial and housing records, job histories and polygraph assessments for current and former officers. While the data was available, it was short lived and quickly removed. It is still unknown if this was a paid ransom or the exact details of the stolen files.

Individual Risk = Severe

Current and former employees of the Metro Police may be in danger for spear phishing, identity theft, or blackmail; therefore, they should be on high alert for fraud attempts.

Customers Impacted: Unknown

United States – Illinois Office of the Attorney General

Exploit: Ransomware

Illinois Office of the Attorney General: State Government Agency

Risk to Business = Severe

The DopplePaymer ransomware gang has leaked a large collection of files from the Illinois Office of the Attorney General after they refused to pay the ransom. The data leaked included information from court cases orchestrated by the Illinois OAG. The files had private documents note in public records, personally identifiable information about state prisoners, notes of their grievances, and case information.

Risk to Business = Severe

To date, posted information has some personal data for prisoners, but the full extent of the breach is not clear. formerly incarcerated people may be at risk of blackmail or spear phishing.

Customers Impacted: Unknown

United States – Pennsylvania Department of Health

Exploit: Third Party Data Breach

Pennsylvania Department of Health: State Government Agency

Risk to Business  = Severe

The Pennsylvania Department of Health’s third party contractor’s employees violated security protocols leaking thousands of residents information. The employees created unauthorized access outside the secured network.

Individual Risk = Severe

Records in questions, associated names with phone numbers, emails, genders, ages, sexual orientations and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.

Customers Impacted: 72,000

United States – Wyoming Department of Health

Exploit: Unsecured Data

Wyoming Department of Health: State Government Agency

Risk to Business = Severe

Wyoming’s Department of Health (WDH) has announced the accidental exposure of personal health information belonging to more than a quarter of the state’s residents on GitHub.com, a code repository. The data breach occurred when an estimated 53 files containing laboratory test results were mishandled by an employee. Data included test results for flu and COVID-19 performed for Wyoming, along with breath alcohol test results.

Individual Risk = Severe

In addition to the test results were patients’ names, ID numbers, addresses, dates of birth and dates of when tests had been carried out. WDH has begun the process of notifying impacted individuals and victims will be offered a year of free identity theft protection.

Customers Impacted: 164,021 Wyoming residents and others