Cybersecurity Incident Targeted Department of Finance

California officials are investigating a cybersecurity incident at the Department of Finance after a global ransomware group claimed it stole confidential data and financial documents from the agency.

The California Office of Emergency Services said in a statement Monday that the state Cybersecurity Integration Center was “actively responding to a cybersecurity incident involving the California Department of Finance.” Cal OES describes the threat as an “intrusion” that was “proactively identified through coordination with state and federal security partners.” The statement did not provide any specifics about the nature of the incident, who was involved or whether information or data had been taken.

Cal OES said only that “no state funds have been compromised.” Tech news outlets reported global ransomware group LockBit was behind the threat.

Screenshots from the group’s website show it claims to have stolen 76 gigabytes of data, including “databases, confidential data, financial documents, certification, court and sexual proceedings in court, IT documents and more.”

The department’s servers and website were back online as of Monday. The attack was not expected to affect the governor’s state budget proposal, which has a legal deadline of Jan. 10, sources told KCRA 3.

The U.S. Department of Justice in November charged a dual Russian and Canadian citizen for taking part in LockBit’s ransomware campaign. The DOJ reported LockBit appeared in January 2020 and has threatened at least 1,000 victims in the United States and internationally. It described the group as “one of the most active and destructive ransomware variants in the world.”