Virginia county says April ransomware attack exposed employee SSNs

Government employees working for the county of Gloucester in Virginia had Social Security numbers and other sensitive data stolen during a ransomware attack in April.

The county sent 3,527 current and former employees notices this week warning that their personal information was accessed by hackers who breached county systems on April 22. 

In addition to Social Security numbers, names, driver’s license numbers, bank account information, health insurance numbers and medical information was also stolen during the incident. 

Gloucester County, home to more than 40,000 people, is about an hour outside of Richmond, Virginia.

Carol Steele, the county’s administrator, said they hired cybersecurity experts to help with the recovery and notified the FBI’s Cyber Crimes Division as well as the Cyber Fusion Center of the Virginia State Police. 

The county published warnings on April 22 and April 23 that it was experiencing network disruptions but never provided an update after that. Steele said they are “continuing to monitor the impact of a recent cybersecurity incident.”

The letters confirm that the county dealt with a ransomware attack but do not name the group behind the incident. The BlackSuit ransomware gang said it was behind the attack on May 15, writing in a dark web post that the county refused to negotiate a ransom. 

The group has a long history of attacking county and city governments across the U.S. — targeting Killeen, Texas last year. The gang was spotlighted by the FBI and other agencies last year because it is believed to be a rebrand of another gang of hackers that previously shut down the city of Dallas last year. The group has demanded more than $500 million in ransoms since 2022.