The information may include names, addresses, Social Security and driver’s license numbers, medical information in work status reports and state-issued identification numbers, according to letters the city sent in early March to the current and former employees.
The city has about 1,200 employees, with about 300 of them working for the Police Department.
.
Modesto Chief Information Officer Scott Conn this week provided the city’s most detailed account about the Feb. 3 ransomware attack, though the cybercriminals had been snooping around in the network since Jan. 31 before launching their attack.
Ransomware is a type of malicious software, or malware, that hackers use to infect and hobble a computer or computer network until a ransom is paid. The crooks typically gain access through a type of email called phishing and through servers connected to the Internet without adequate security. A phishing email can have a link with malware software in it. The malware is activated when someone clicks on the link.
Conn told council members that city employees were not responsible for the security breach. He said the breach occurred with one of the city’s vendors.
“What council needs to know is that through no act of a city of Modesto staff member or employee did this breach occur,” he said. “Nobody clicked on anything bad. ... It turns out one of our trusted vendors got compromised outside of our system, and their user account captured. And they just happened to use the same username and password to get into systems they are supposed to maintain at the city of Modesto. So it was an actual vendor of ours that got hacked and allowed the penetration of our Police Department to occur.”
Conn did not say whether the city had any responsibility in preventing the hackers from gaining access through the vendor. He said the city has taken measures to prevent the same type of breach from happening again.
City spokesman Andrew Gonzales said in a text message that Modesto would not provide the name of the vendor.
Conn said Modesto refused to pay a ransom. “We did not pay one red cent to these people,” he said. “They asked. We didn’t pay.”
Conn said Modesto has offered the affected current and former employees one year of free credit monitoring, though he said just 4 percent have signed up for the service. Conn acknowledged this is a “terrible situation” for the current and former employees and the city is “truly sorry.”
Conn was featured in an Industry Insider — California "One-on-One" interview in July.
A ransomware group named Snatch has claimed responsibility for the attack and has posted on its website 15 files that it claims contain information from Modesto.
The cyber attack may cost the city more than $1 million for expert help in recovering from it and for “additional security detection and prevention tools that may have deterred the attacker,” according to a city report.
Officials from the agencies that helped Modesto in the ransomware attack — including the FBI, the California Highway Patrol’s Computer Crimes Investigations Unit and the California Cybersecurity Integration Center — praised the city for its response.
(c)2023 The Modesto Bee. Distributed by Tribune Content Agency, LLC.
