New York

Suffolk County Documents Stolen in Cyberattack Posted on Dark Web: Officials

It’s been more than a week since Suffolk County discovered its computer networks were hacked, but while some county services are still offline, the hackers are upping the ante.

NBC Universal, Inc.

What to Know

  • The News 4 I-Team learned the group behind a cyberattack against Suffolk County government posted documents with personal information obtained from the hack on the dark web and threatens to post more if the county does not negotiate a price with them, county officials said Friday.
  • The published documents include a county payment invoice for a court case, a name change application with personal information and a communication from an attorney to traffic court, his client's names, dates of births and ID numbers.
  • While county officials say no ransom request has been received, they continue to evaluate the integrity of the system and so far it appears the network infrastructure is intact.

It’s been more than a week since Suffolk County discovered its computer networks were hacked, but while some county services are still offline, the hackers are upping the ante.

The News 4 I-Team learned the group behind a cyberattack against the Suffolk County government posted documents with personal information obtained from the hack on the dark web and threatens to post more if the county does not negotiate a price with them, county officials said Friday.

The published documents include a county payment invoice for a court case, a name change application with personal information and a communication from an attorney to traffic court, his client's names, dates of births and ID numbers.

“It’s frightening I’m scared for my clients,” said attorney Joseph Carbone, Jr.  “This stuff, if it gets out, people can access their information and put my clients in some severe financial distress.”

Carbone said he was stunned to learn a communication made seven years ago is now public.

Along with the documents, the hackers released a threatening message: they will release more documents.

“One would have thought the Suffolk County government would protect their identity but obviously they haven’t done that,” added Carbone. 

According to the online message, hackers say they have thousands of files taken from county court records, the Sheriff’s Office, contracts and the personal data of citizens as well as county employees.

County officials told News 4's I-Team: “the information posted yesterday on the dark web indicates that a threat actor has claimed responsibility for the current cyber incident in Suffolk County.  The County’s incident response team is assessing this information and working closely with law enforcement agencies.”

While county officials say no ransom request has been received, they continue to evaluate the integrity of the system and so far it appears the network infrastructure is intact.

“Suffolk County should not pay the ransom,” said Adam Scott Wandt, professor of public policy John Jay College of Criminal Justice. “Nor should they engage with the ransomware group.”

Experts argue the groups could be funding shady enterprises and that the county should just focus on securing their networks for the future. 

“The criminals have pinky promised they will destroy the data,” said Brett Callow, of Emsisoft, a cyber security company. “We've seen they don’t. They come back and try to extort the organization a second time or they release the data anyways.”

County officials add that the incident response team is assessing this information and working closely with law enforcement agencies.

Copyright NBC New York
Contact Us