Detroit PBS, a community-based local TV station serving a diverse range of programs, has disclosed a cyberattack during which “an unauthorized actor” exfiltrated sensitive information. Qilin ransomware has claimed the breach and released 345 gigabytes of files.
The data breach was detected on September 1st, 2024, according to a filing with Maine’s Attorney General’s office.
The investigation revealed that certain Detroit PBS systems had been infected with malware, which prevented access to certain files.
“An unauthorized actor exfiltrated information from the Detroit PBS environment,” the document reads.
The stolen files included personal information of at least 1,694 individuals, including names, addresses, and Social Security numbers.
The public broadcasting station said it undertook an in-depth address lookup to identify the most recent contact information for affected individuals. The TV station is offering free credit monitoring services for affected individuals.
“Detroit PBS moved quickly to investigate and respond to the incident, assess the security of Detroit PBS systems, and identify potentially affected individuals. Further, Detroit PBS notified federal law enforcement regarding the event. Detroit PBS is also working to implement additional safeguards and training for its employees,” the television station said.
Qilin ransomware, a Russian-speaking hacking group that attacks organizations for financial gains, claimed Detroit PBS on September 23rd, 2024. A post on the gang’s victim site on the dark web claims that hackers obtained 176,487 files, totaling 345 gigabytes.
The provided screenshots include invoices, financial information, a memorandum of agreement, and other documents. It seems that Detroit PBS didn’t pay the ransom and the cybercriminals released the files. Cybernews didn’t attempt to access them, we reached out to Detroit PBS for clarification and are awaiting their response.
Qilin ransomware is notorious for high-profile cyberattacks against hospitals in London and elsewhere. The group, also known as Agenda, operates ransomware-as-a-service (RaaS) and doesn't attack Russia and other Commonwealth of Independent States (CIS) countries. The cybercriminal group has been linked to exploiting its victims with a destructive zero-day vulnerability known as the “Citrix Bleed.”
Your email address will not be published. Required fields are markedmarked