It is often easy to forget that Washington, DC is not merely a concentration of federal institutions, but is a city that is home to hundreds of thousands of residents and businesses. This also means the city proper has its own municipal services, including school districts, garbage collection, and police department. One of these services became a ransomware target.
In April 2021, the Washington Metropolitan Police Department (MPD) reported a ransomware attack. According to Chief Robert Contee, the hackers obtained 250 gigabytes worth of files related to the department’s human resources side, including “Personally Identifiable Information (PII).” A group under the name of Babuk claimed responsibility for the attack.
The Metropolitan Police acknowledged that data regarding some of its personnel had been compromised during the attack. Babuk threatened to release the information publicly unless the police department paid the ransom within three days. In turn, the police department brought in the FBI to assist with the case.
As with the general public, police officers are just as susceptible to the typical issues involving personal information that come with data breaches, such as exposed bank account information and social security numbers. However, because of what they do, police officers will inevitably get on someone’s bad side. Babuk knew this.
The hackers revealed that the information they retrieved included officers’ housing history, polygraph results, and arrest records, among other things. Some of this information was even posted following the breach. Needless to say, someone from an officer’s past now holding a grudge could have easy access to such sensitive information.
It was not only officers who were affected, however. The breach also revealed information the MPD had on area residents, including informants and suspected gang members. Such data not only potentially jeopardizes the lives and safety of police officers, but also of some DC residents.
Growing Threat to Police Departments
A direct attack on a police department is a brazen move. Ransomware and other cyberattacks have been growing exponentially. By the end of April 2021 alone, 26 US-based government departments were the victims of cyberattacks, including police departments in Presque Isle, Maine and Azusa, California. Washington was merely the latest recipient.
Many police computer systems are legacy. Furthermore, due to the nature of law enforcement computer systems that police departments use cannot go offline for extended periods.
While much national focus on the District’s affairs is on Capitol Hill and the White House, from under the federal government’s shadow the city proved that any level of government is prone to cyberattacks. The MPD breach was not an isolated occurrence, but rather part of an alarming increase in cyberattacks against law enforcement at the local level.
In 2019, the Los Angeles Police Department revealed that 20,000 job applicants, including many who became officers, had their data stolen. Later that year, the New Orleans city government was assaulted, forcing police offline and unable to enter arrest warrants, or run license plates background checks until the city resolved the issue. The same year, the St. Lucie County Sheriff’s Office of Florida reported a breach wherein the hackers demanded a $1 million ransom.
Data Security Is Public Security
Law enforcement agencies now face a sobering reality—their departments are increasingly becoming prime targets for cybercriminals. It is imperative that such agencies invest in the technology they use to mitigate risks and complicate cybercriminal activity targeting them.
SecureDrive and SecureUSB are hardware-encrypted external drives that help endpoint security, featuring brute-force, anti-hacking protection and user authentication via PIN (KP drives) or password through a mobile device (BT drives). To further enhance security measures and data protection, both BT drives work with Remote Management, which enables an administrator to remotely set restrictions on when and where devices can be used and wipe all data on them.
Government entities can benefit from Secure Drive products to secure their sensitive information, and our security credentials are second to none to ensure data is well protected. The federal government identifies security measures and policies to which defense contractors and its own agencies must abide in a multilevel standard known as CMMC. Our products meet CMMC Level 3 criteria and are certain to help any law enforcement agency boost its cybersecurity.
To start your enhanced cybersecurity policy or to learn more, contact a SecureDrive expert today at 424-363-8535.