Attack on the home of Spam exposes details of thousands
A ransomware attack on Minnesota’s Mower County exposed tens of thousands of its residents, the local government organization revealed in a recent breach notice.
The county started reaching out to individuals potentially impacted by the June ransomware attack, the Mower’s data breach notice reveals.
According to the letter sent out to potentially impacted individuals, the county detected the attack On June 18th, with subsequent investigation revealing the attackers roamed the organization systems since June 11th.
Mower County, located on the Southern edge of the US state of Minnesota, is home to over 40,000 people.
Hormel Foods, one of the largest processed food companies in the US, is headquartered in Austin, located in Mower County. Spam, a brand of lunch meat, is one of the most recognizable Hormel’s brands, which is why there’s Spam Museum in Mower County.
Mower County announced it suffered a ransomware attack immediately after it discovered issues with its system, back in June. The County shut down its systems immediately after the attack, causing disruption in the local government.
A couple of months after the attack, the County issued a statement saying attackers did access “protected health information related to individuals who received services from the County Health and Human Services Department.”
This type of data usually involves personal identifiable information (PII) as well as other sensitive details like diagnoses, treatment plans and other information most people don’t want to be public.
However, it is unclear which ransomware gang targeted the home of Spam, as the county’s data did not appear on any of the dark web forums that attackers use to coax victims into paying the ransom.
That’s likely because attackers didn’t need to convince the officials too much. According to reports from Government Technology, the county agreed to pay “a fee to ensure a full and efficient resumption of services and protection of personal data.”
“While making the payment was a difficult choice, the commissioners determined it was the necessary approach to best protect personal data and serve the interests of Mower County residents and employees,” the county’s statement read.
Meanwhile, information Mower County submitted to the Maine Attorney General revealed the true extent of the attack.
According to details submitted by the county, over 27,000 individuals were exposed in the attack. Since the total population of Mower County is 40,000 people, the attackers likely accessed details about the majority of the adult population of the area.
The recent data breach notice claims the County is not aware of any instances where the exposed details would have been misused. However, the county will offer potentially impacted individuals an undisclosed length of complimentary membership with identity theft monitoring services.
“Remain vigilant for incidents of fraud and identity theft by regularly reviewing your account statements and free credit reports for any unauthorized or suspicious activity,” the data breach notice said.
Unlock more exclusive Cybernews content on YouTube.
