blog post
Victorville, What Have We Learned?
Last week, residents of Victorville, a California city approximately two hours northeast of Los Angeles, received alerts from city officials informing them of a data breach. Hackers had infiltrated the city’s systems, maintaining unauthorized access from August 12 to September 26.
The city of Victorville, home to roughly 135,000 people, commenced the process of sending out notifications to affected individuals, cautioning that the compromised files might include sensitive information. The specifics mentioned were names along with other potentially exposed data such as Social Security numbers, driver’s license or state ID numbers, and details related to medical records or health insurance policies.
In the aftermath of the breach, the city is facilitating one year of complimentary identity protection services for the victims. Despite these measures, city representatives remained unavailable for additional commentary regarding the incident’s particulars. However, a social media update from the city on September 25 hinted at the turmoil, referencing disruptions that took offline several digital services, including their phone lines, website, and online payment portals.
Acknowledging the technical difficulties, the city assured residents via Facebook that penalties like late fees or utility service interruptions would not be imposed during the downtime. They also encouraged in-person bill payments and established temporary phone lines to handle residents’ concerns and queries.
Although the city reported partial restoration of certain services by October 3, challenges persisted with several web-based applications. The city authorities did not follow up with further public communications about the system’s full recovery.
Adding to the city’s cyber woes, the NoEscape ransomware group, on Tuesday, publicly listed Victorville as one of its recent targets. The group boasts of pilfering 200GB of data from the city’s compromised systems.
This incident adds to the growing list of cyberattacks in the region, with Victorville’s San Bernardino County itself reeling from a separate ransomware assault earlier in April.
The hits just keep on coming, and I am willing to bet my mortgage that Victorville learned nothing from the attack in April. Watch for repetitive and subsequent attacks on targets like Caesar’s and MGM Grand in the not too distant future.
Author
Steve King
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.