Personal information from Union County, Pennsylvania, residents was stolen during a ransomware attack on government systems 10 days ago.
The county published a notice on Friday warning its more than 40,000 residents that the ransomware attack was discovered on March 13. Federal law enforcement was notified and cybersecurity experts were hired to help with the recovery process.
On March 13, the county learned that the hackers took personal information from its network.
“The affected information appears to be mostly related to individuals involved with County law enforcement, court related matters, and/or other County business,” the county said.
“Although the investigation is still ongoing, at this time we have determined that the data may contain Social Security numbers and driver’s license numbers.”
County officials did not respond to requests for comment about what services were impacted by the attack and when any disrupted services would be restored.
The county said it will send written notices to anyone affected by the cyberattack when officials finish their review of the incident.
The county said it has since made several changes to its security tools to protect against further incidents.
No ransomware gang has taken credit for the attack as of Monday.
County and city governments continue to be battered in the first three months of 2025, with multiple states dealing with catastrophic cyberattacks hampering local services.
Municipalities in four different states contended with cyberattacks last week against critical government services.
One of them — Strafford County, New Hampshire — warned residents last week that it is dealing with significant communication system outages due to a cyberattack.
A spokesperson for the county, home to 133,000 people, told Recorded Future News on Monday that it “recently experienced a security incident which caused a network
interruption impacting system operations.”
“Our primary focus remains on the continuation of essential services, a safe and efficient remediation process, the protection of the data we maintain, and the restoration of our systems,” the spokesperson said.
“While our investigation is in its early stages and is ongoing, some of our systems will remain offline in order to ensure we can be brought back to full operational capacity as quickly and safely as possible.”
They declined to answer further questions about who may be behind the attack and when systems will be restored.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
