Southampton County victim of ransomware incident

Published 12:09 am Friday, December 2, 2022

Southampton County was the victim of a ransomware incident in early September, according to a recent letter to county residents from County Administrator Brian S. Thrower. 

Brian S. Thrower

He noted that though there is no conclusive evidence the cyber criminal was successful in removing county citizens’ personal information from the county’s server, the types of information involved may have included names, social security numbers, driver’s license numbers and/or addresses. 

“We are writing to share with you how this incident may have affected your personal information and, as a precaution, to provide you with steps you can take to protect your information,” Thrower wrote.

He opened the letter by mentioning that many localities and organizations across the U.S. have unfortunately been victimized by ransomware incidents, and he then explained what ransomware is.

“Ransomware is a form of malware that is used by cyber criminals to prevent users from  accessing files, and, in some cases, to extract and hold data hostage until a ransom is paid,” he stated. 

In the incident relevant to Southampton County, a cyber criminal accessed a single server at Southampton and encrypted it, Thrower wrote.

“We were able to recover from this matter and successfully prevent this incident from impacting any of our critical operations,” he stated. “However, thereafter the cyber criminal claimed that they took sensitive data from the server. This caused us to review the server in question to determine any personal information contained on it.”

The next paragraph of the letter is one the county put in bold print for emphasis: “Although we have no conclusive evidence that the cyber criminal was successful in removing your personal information from Southampton’s server, out of an abundance of caution we wanted to alert you to this matter and provide you with free credit monitoring.”

Thrower then emphasized, “Southampton takes the privacy and security of your personal information very seriously, and we sincerely regret any concern this incident may cause you.”

The letter then goes into greater detail about what happened in early September and what the county is doing about it.

“On Sept. 6, 2022, a single server at Southampton was encrypted by a cyber criminal,” Thrower wrote. “Fortunately, Southampton fought off this cyber-attack with no interruption to essential  county operations. 

“However, after Southampton recovered from this incident, a single W-2 form appeared on the dark web with the criminal claiming that they removed sensitive data from the encrypted Southampton server,” Thrower continued. “The server in question held some archived county  information.”

He explained that upon discovering the incident, the county’s information technology team promptly took the appropriate steps to contain the incident. 

“To ensure the safety of our community’s systems, we also engaged with leading outside security experts to conduct a thorough review of our environment,” Thrower wrote. “We also notified the FBI Cyber Crimes Division, the Virginia State Police, and the Virginia Fusion Center. We are supporting law enforcement in their efforts to bring the criminals to justice.”

He noted that the county takes its obligation to safeguard personal information very seriously, and the locality is continuing to evaluate additional actions to strengthen its network security in the face of an ever-evolving cyber-threat landscape. 

The aforementioned types of personal information that may have been included in the ransomware incident were determined by the county’s outside counsel, which came to its determinations based on its extensive review of any information that was held on the server. Counsel conducted the review in order to identify any person who might have been impacted in this incident.

Thrower then turned his focus in the letter to what county citizens can do to protect themselves.

“We are alerting you about this issue so you can take steps to help protect your identity,  personal information and credit information,” he said. “You are entitled to one free credit report annually from each of the three nationwide consumer reporting agencies.”

To order a free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228, Thrower stated.

“We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports,” he wrote. 

Thrower then added this in bold print: “In addition, we have arranged to offer credit monitoring and identity restoration services from Experian at no cost to you.” 

The letter included an enclosed reference guide providing more information about the services and how to register for them, directions for requesting credit reports and additional recommendations on the protection of personal information.

Thrower closed out the letter by providing contact information for those with questions.

He wrote that if county residents have any questions regarding the ransomware incident or the credit monitoring services, they should call 833-420-2827 toll-free Monday-Friday from 9 a.m.-11 p.m. and Saturday and Sunday from 11 a.m.-8 p.m., excluding major U.S. holidays.

County residents may also reach the county at privacy@southamptoncounty.org.