Recently, the Bay Area Rapid Transit (BART) Police Department revealed that police personnel files were stolen in a ransomware attack and posted on the dark web. This is not the first such attack against BART personnel; in 2011, hackers released more than 100 officers’ email addresses, passwords and personal data.
That’s going to result in some bad press for a fine organization, but the fact is that no public entity is immune to such attacks. From the largest global entities to the smallest municipal library, hackers can strike anywhere.
It happens every day.
And sadly, law enforcement agencies are among the most common targets, as most do not have the time or the budget to reinforce digital document protection. To the hacker, it doesn’t matter that police are put in far greater danger when their home addresses become accessible online. To them it’s just another target and opportunity to collect a ransom.
But to the officers, it means a heightened threat that the guy they arrested last week will show up at their front door.
Among the 120,000 internal BART files released were police records and reports, and human resources data, all of which could be used to find out where an officer lives. That is why we have already reached out to BART to offer emergency support, and to assist with beginning the process of removing this stolen content from the Internet. The safety of their personnel depends on how soon this process starts.
What Can You Do?
We’d love to say this would never happen to you, but wishful thinking won’t prevent you from becoming the next victim. What can you do? Start by creating an emergency plan that goes far beyond what you likely have now. Need help with that? Let us know.
With the right plan in place beforehand, damage and danger can be minimized if the worst happens. And if some of the private data on your personnel gets out, we can help with getting it removed. Our IronWall360 online privacy protection service scans the Internet every day for places online where addresses and phone numbers are displayed. When we find them we get them deleted –whatever it takes.
More Helpful Resources
NordVPN, a partner in 360Civic’s prevention efforts that specializes in cybersecurity, has published an informative article on online privacy and how individuals and organizations can protect themselves once their information is exposed. It can be found here.
360Civic has published Ransomware and Municipal Websites: A Prevention and Protection Strategy, a white paper that explains what ransomware is, how it works, and why it so frequently targets websites connected to state and local government. The document also offers specific steps that can be taken to reduce the likelihood of a ransomware attack.