Ohio city suffers ransomware attack. Investment firm CEO sues IRS for leaking tax documents. Uber data takes another ride to the dark web.

At a glance.

• Ohio city suffers ransomware attack.
• Investment firm CEO sues IRS for leaking tax documents.
• More on LockBit ransomware attack on the California Department of Finance.
• Uber data takes another ride to the dark web.

Ohio city suffers ransomware attack.

The city of Whitehall, located in the US state of Ohio, has disclosed that its systems were hit with a ransomware attack that compromised the personal data of approximately 37,000 people. 10tv.com reports that notification letters are being distributed to everyone impacted, which includes individuals in eleven states and one US territory. City administrator Zach Woodruff says that after the attack was detected last May, the city recruited the services of a law firm and a cybersecurity firm to investigate. On May 31, the city tweeted, “City Hall is closed to the public for the remainder of the day following technology issues,” but did not make any mention of a ransomware attack. The city chose not to pay the ransom but was able to retrieve the compromised files. When asked why the city took over six months to notify those impacted, a city administrator said the time was needed to determine who was affected.

Investment firm CEO sues IRS for leaking tax documents.

The Financial Times reports that Ken Griffin, CEO of the US investment firm Citadel, is suing the US Internal Revenue Service (IRS) and the Treasury Department for alleged “unlawful disclosure of Griffin’s confidential tax return information.” The claims stem from the leak of Griffin’s tax records to non-profit media group ProPublica last year. ProPublica has been publishing “The Secret IRS Files,” a series of stories revealing the tax avoidance techniques of the ultrawealthy based on IRS information of thousands of the richest Americans. Elon Musk, Warren Buffet, and Jeff Bezos are among the individuals discussed in the series. In the lawsuit, Griffin alleges IRS employees were able to “misappropriate” the confidential tax information and leak it to ProPublica because of the government agency’s lax security, and claims the IRS “wilfully and intentionally” failed to protect his tax records. Griffin insured a written statement claiming, “IRS employees deliberately stole the confidential tax returns of several hundred successful American business leaders. It is unacceptable that government officials have failed to thoroughly investigate this unlawful theft of confidential and personal information.” The multibillionaire is seeking $1,000 in damages for each unauthorized tax return disclosure.

More on LockBit ransomware attack on the California Department of Finance.

As we noted yesterday, the LockBit ransomware group has taken credit for an attack impacting the California Department of Finance. The Register reports that the prolific cyber gang claims it exfiltrated 76GB of the agency’s data, including databases, confidential information, financial and IT documents, and “sexual proceedings in court.” Though a ransom demand has not been confirmed, LockBit is threatening to publish all of the data on December 24, presumably unless the agency pays up. Few details about the attack have been released, but a statement from the The California Cybersecurity Integration Center (Cal-CSIC) says the breach was “proactively identified” through a coordinated state and federal effort, and that “upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.” 

Uber data takes another ride to the dark web.

Rideshare platform Uber has apparently been hit with a data breach, as over the weekend a hacker named ‘UberLeaks’ published information allegedly belonging to Uber employees on dark website BreachForums. Uber also suffered a data breach in September, but the company says the newly released data is not connected to the previous incident and was stolen in a separate attack on third-party asset management provider Teqtivity. The published data includes multiple archives that appear to be the source code for mobile device management platforms used by Uber, Uber Eats, and third-party vendor services. The loot also includes data destruction reports and other corporate data, and one document contains the email addresses and Windows Active Directory information for over 77,000 Uber employees. Teqtivity says an intruder gained unauthorized access to a AWS-hosted backup server that stored code and data files pertaining to Teqtivity’s clients, including Uber. Deryck Mitchelson, Field CISO at Check Point Software, told Computing, “The most recent Uber breach should act as a stark reminder that just because you’ve been targeted once, doesn’t mean you are now immune to another breach. Cybersecurity is a continuous journey of evaluation and action, and organisations cannot afford to let prevention slip down the priorities list.”