Malicious hackers have uploaded a vast collection of private documents from the police department of a San Francisco Bay Area transit system to the internet, including specific claims of child abuse.
The Bay Area Rapid Transit (BART) Police Department is responsible for the breach. BART's chief communications officer, Alicia Trost, stated in an email that authorities were looking into the uploaded files and that there had been no impact on BART services as a result of the hackers. The exact date of the hack is unknown.
The culprits are part of a well-known ransomware hacker group that targets particular businesses and either encrypts private files or threatens to post them on the dark web. A review by NBC News found that the website where the BART Police leaks were posted contains more than 120,000 files.
Among the files are at least six scanned, unredacted reports describing alleged child abuse. These reports include the names and dates of birth of the children who are in danger, as well as descriptions of the alleged adult abusers in some cases.
To prevent file sharing, ransomware hackers frequently demand money. Trost declined to provide more details, but Brett Callow, an analyst at the cybersecurity company Emsisoft, believes that the fact that the files are currently accessible online suggests that BART declined to make payment.
A police officer can recommend a person for a mental health evaluation using the website's mental health record form. Other files include hiring paperwork for potential officers, police reports that name suspects in various crimes, and the names and licence numbers of contractors who have worked on BART projects.
Even though cyber extortion attacks on American public sector organisations, including police departments, have increased in frequency, such sensitive police file leaks are still uncommon.
According to a survey conducted by Emsisoft, ransomware hackers successfully attacked over 100 networks connected to local government organisations last year.
According to a Treasury Department estimate, ransomware attacks cost American businesses $886 million in 2021, the most recent year for which data is available.
“Unfortunately, not enough progress has been made in securing public sector organizations,” Callow stated. “They can compromise investigations, resulting in exceptionally sensitive information leaking online, and even put people’s lives at risk — both officers and the public's.”
A different hacker group broke into the Washington, D.C., Metropolitan Police Department in 2021 and released private information about 22 officers after the department refused to pay.
Such hackers frequently target school districts in their attacks. Due to a "cyber security incident," which is a phrase frequently used to refer to a ransomware attack, Des Moines Public Schools cancelled classes on Tuesday. According to Emsisoft, ransomware affected nearly 2,000 American schools in 2022.
