A cyberattack on the Cooke County Sheriff’s Office compromised people’s personal information, County Judge Jason Brinkley said.
A press release issued Monday, July 20, states a ransomware attack on the county’s information system for the CCSO on July 4 resulted in a data breach of personal identification information.
“Cooke County is in the process of identifying the individuals and necessary agencies to ensure they receive proper notice,” the release states.
Brinkley said Monday he could not provide an estimate on how many individuals had their personal information leaked. He did say that the CCSO was the only county department impacted by the attack.
“This is the first major security breach that I am aware of for Cooke County,” Brinkley said when asked when the last time was that the county faced a security breach.
Shortly after the data breach, ITWire, an Australian information technology news website, reported that attackers claimed to have used REvil ransomware to attack the Cooke County website. The attackers posted screenshots on the dark web — part of the internet that requires specific software or authorization to access — showing what are said to be documents and data from the sheriff’s office, according to a previous Register report.
Screenshots from the attackers’ announcement about the hack showed data folders with filenames that appeared to reflect archived case files as well as current cases. The screenshots, provided by threat analyst Brett Callow with antivirus software company Emsisoft, also displayed a threat that the files would be uploaded in seven days, though Callow said it’s unclear what date that was counting from, according to the archived Register report.
REvil, used to refer both to the hacker group and the ransomware it uses, was first identified last year and is known to auction the data it steals, Callow previously told the Register.
As of press time Monday, the cyberattack remained under investigation, county officials said.