
Grass Valley: Personal Data of California Town Stolen

DESCRIPTION

The small town of Grass Valley, California made it public on January 7 that its network had been compromised (the town is not to be confused with Grass Valley, Nevada, which suffered a ransomware attack in the summer of 2021). Grass Valley has a population of around 13,000. Based on an investigation by an outside cybersecurity firm, the attackers are believed to have had access to the city's computer systems between April 13, 2021, and July 1, 2021. During this period the attackers transferred files to an offsite location. The notice made no mention of a ransomware attack.

IDENTIFY INDICATORS OF COMPROMISE (IOC)

The assembled cybersecurity team reviewed all the file directories and determined that the following information had been exfiltrated from the network:

  • The personal information of past and present Grass Valley employees, as well as their families. The compromised data included Social Security numbers (SSNs), driver's license numbers and medical or health insurance information.
  • The names and Social Security numbers of individual vendors hired by the city.
  • The personal information of individuals whose data was contained in records held by the Grass Valley Police Department. Information types included Social Security numbers, passport information and insurance information.
  • The personal data contained within loan documents of the city's Community Development Department, which included financial account numbers and payment card numbers.

CONTAINMENT (If IoCs are identified)

Upon discovering the breach, the city quickly shut down its network and called in an outside security team to head the investigation. An extensive review was undertaken to determine how the breach occurred and how to strengthen the existing protocols of the city's network. The city notified all affected individuals and is offering them a one-year membership to Experian's credit monitoring service.

PREVENTION

There are several key steps that enterprises can take to protect against a data breach. These include the following:

  • Require multifactor authentication (MFA) for all users, so that a second form of authentication is needed beyond the password, to help defend against unauthorized logins to systems.
  • Encrypt all data at rest with strong encryption so that if it is exfiltrated it remains unreadable.
  • Enforce the Principle of Least Privilege (PoLP) for all user accounts to ensure that users only have access to the resources they need to fulfill their job.
  • Require all domain administrators to have dual accounts. Admins should only use their privileged accounts when necessary; a standard user account should be used to check email and for other general application tasks. Admins should also log on to servers using a local admin account (not the default built-in administrator account) so that if that account is compromised, the scope of damage is limited.
  • Changes to Active Directory objects should be monitored so that unauthorized changes to group memberships or user access permissions are detected promptly.
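As an added illustration of the last two points (not code from HALOCK or from the Grass Valley investigation), the script below audits an export of Windows Security events for membership changes to privileged Active Directory groups. The event IDs it keys on (4728/4732/4756 for a member added to a global/local/universal security group, and 4729/4733/4757 for a member removed) are the real Windows IDs; the privileged-group list, the approved dedicated admin accounts, the business-hours window and the JSON-lines sample export are all assumptions constructed for the example and would be replaced with your own values.

```python
import json
from datetime import datetime

# Windows Security event IDs for security-group membership changes (real IDs).
MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}
MEMBER_REMOVED = {4729: "global", 4733: "local", 4757: "universal"}

# Assumption: groups whose membership must never change without an approved ticket.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
# Assumption: hypothetical dedicated admin accounts (the "dual account" pattern) allowed to touch them.
APPROVED_ACTORS = {"adm.jsmith", "adm.rlee"}
# Assumption: approved changes are expected 08:00-17:59 local time.
BUSINESS_HOURS = range(8, 18)

# Constructed sample export: one JSON object per line, using the field names of the real events.
SAMPLE_EVENTS = """\
{"EventID": 4728, "TimeCreated": "2021-05-03T10:05:00", "SubjectUserName": "adm.jsmith", "TargetUserName": "Domain Admins", "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example"}
{"EventID": 4728, "TimeCreated": "2021-05-04T02:41:00", "SubjectUserName": "jdoe", "TargetUserName": "Domain Admins", "MemberName": "CN=jdoe,OU=Users,DC=corp,DC=example"}
{"EventID": 4732, "TimeCreated": "2021-05-04T02:43:00", "SubjectUserName": "jdoe", "TargetUserName": "Administrators", "MemberName": "CN=tmp-admin,OU=Users,DC=corp,DC=example"}
{"EventID": 4728, "TimeCreated": "2021-05-05T11:00:00", "SubjectUserName": "adm.rlee", "TargetUserName": "Finance", "MemberName": "CN=asmith,OU=Users,DC=corp,DC=example"}
{"EventID": 4729, "TimeCreated": "2021-05-05T23:10:00", "SubjectUserName": "adm.rlee", "TargetUserName": "Enterprise Admins", "MemberName": "CN=adm.jsmith,OU=Admins,DC=corp,DC=example"}
{"EventID": 4624, "TimeCreated": "2021-05-05T23:11:00", "SubjectUserName": "adm.rlee", "TargetUserName": "adm.rlee"}
"""


def cn_from_dn(dn: str) -> str:
    """Return the CN of a distinguished name ('CN=jdoe,OU=...' -> 'jdoe')."""
    first = dn.split(",", 1)[0]
    return first[3:] if first.upper().startswith("CN=") else first


def classify(event: dict):
    """Return an alert for a privileged-group membership change, or None if the event is benign."""
    event_id = event.get("EventID")
    if event_id in MEMBER_ADDED:
        action = "added"
    elif event_id in MEMBER_REMOVED:
        action = "removed"
    else:
        return None  # logons, password changes, etc. are out of scope here
    group = event.get("TargetUserName", "")
    if group not in PRIVILEGED_GROUPS:
        return None  # changes to ordinary groups are left to routine review
    actor = event.get("SubjectUserName", "")
    when = datetime.fromisoformat(event["TimeCreated"])
    # Severity: who made the change matters more than when they made it.
    if actor not in APPROVED_ACTORS:
        severity, reason = "high", "actor is not an approved admin account"
    elif when.hour not in BUSINESS_HOURS:
        severity, reason = "medium", "approved actor, but outside business hours"
    else:
        severity, reason = "low", "approved actor during business hours; verify change ticket"
    return {
        "time": when.isoformat(),
        "actor": actor,
        "action": action,
        "group": group,
        "member": cn_from_dn(event.get("MemberName", "")),
        "reason": reason,
        "severity": severity,
    }


def parse_events(text: str) -> list:
    """Parse a JSON-lines export into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def audit(text: str) -> list:
    """Run every exported event through classify() and keep the alerts."""
    return [alert for alert in map(classify, parse_events(text)) if alert]


if __name__ == "__main__":
    for alert in audit(SAMPLE_EVENTS):
        print(f"[{alert['severity']:6}] {alert['time']} {alert['actor']} {alert['action']} "
              f"{alert['member']} -> {alert['group']} ({alert['reason']})")
```

On the sample data the two changes made by the non-admin account `jdoe` at 02:41 surface as high-severity alerts, the late-night removal by an approved account as medium, and the business-hours addition by an approved account as a low-severity item to reconcile against a change ticket. In practice the export would come from a SIEM or from domain-controller Security logs, and the approved-actor list is exactly the set of dedicated privileged accounts the dual-account policy above creates.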




HALOCK Breach Bulletins
Summaries of recent data breaches, to help you understand common threats and attacks that may affect you, each covering the description, indicators of compromise (IoC), containment, and prevention.