A significant data breach has impacted the Washington, D.C. Department of Insurance, Securities and Banking (DISB), resulting from a ransomware attack by the LockBit gang. The incident involved unauthorized access to 800GB of sensitive data, which LockBit claimed to have stolen. The breach was traced back to a third-party technology provider, Tyler Technologies, which alerted DISB that client data in the cloud-hosted STAR system had been compromised. This cyberattack highlights the vulnerabilities associated with relying on third-party vendors for data management and storage.
Tyler Technologies reported that the breach was discovered by its IT team, which found unauthorized activity within an isolated segment of its private cloud hosting environment. In response, the affected systems were taken offline immediately to prevent further unauthorized access. The company has been actively working with affected clients and third-party cybersecurity experts to investigate the breach and restore system access securely. Tyler Technologies confirmed that the data was encrypted by the threat actor, who also managed to exfiltrate some of it.
Following the breakdown of negotiations, LockBit threatened to leak a portion of the stolen data to pressure DISB into paying a ransom. Subsequently, some of the data was indeed released, underlining the persistent threat posed by ransomware gangs like LockBit, which continue to operate despite international law enforcement efforts. This incident marks another significant cyberattack in Washington, D.C., following last year’s attack on the city’s healthcare exchange platform, which compromised the personal information of thousands, including members of Congress and staff.
In addition to notifying the relevant law enforcement authorities, Tyler Technologies has undertaken measures to bolster its cybersecurity defenses and is currently working to identify which individuals’ personally identifiable information (PII) was accessed. The company has also reached out to its clients and offered support in dealing with the aftermath of the breach. The incident underscores the ongoing challenges and risks of cyber threats, especially those involving sophisticated ransomware operations that target and exploit both governmental and private sector entities.