Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label INC Ransom gang. Show all posts
Personal Data Breach
Cyberattacks Data Breach Data breaches attacks Data Leak data security INC Ransom gang Inc ransomware Library Personal Data Breach

Pierce County Library System Data Breach Exposes Information of Over 340,000 People

 

A cyber attack on the Pierce County Library System in the state of Washington has led to the compromise of personal data of over 340,000 people, which is indicative of the rising threat of cybersecurity breaches being posed to public services. This attack has impacted library services in the entire county, along with library users and staff. The incident was made known to the public through breach notification letters published on the website of the Pierce County Library System. 

The incident, as revealed in the notification letters, occurred when the library system detected the incident on April 21 and decided to shut all library systems in an effort to control the breach. The library system conducted an investigation that confirmed the breach had taken place. 

The library network was also able to identify that the exfiltration of data from individuals who utilized or were part of the institution was successful on May 12. It was established that the hackers had access to the network from April 15 to April 21. Access to sensitive information was gained and exfiltrated during this time. The level of information that was vulnerable varied depending on who was targeted. 

The data that was breached for the benefit of the library patrons included names and dates of birth. Though very limited compared to the data for employees, this data is still significant for use in identity-related fraud. The breach had severe implications for current and former employees who worked within the library system. The data that was stolen for them included Social Security numbers, financial accounts, driver’s license numbers, credit card numbers, passports, health insurance, and certain data related to medical matters. 

This particular ransomware assault would later be attributed to the INC ransomware gang, which has been responsible for a number of highly detrimental attacks on government bodies over 2025. The gang has previously conducted attacks on bodies such as the Office of the Attorney General of Pennsylvania and a countrywide emergency alert service used by local authority bodies. This type of situation is not the first that has occurred on the level of Pierce County. 

In the year 2023, Pierce County was the victim of a ransomware attack on the public transit service that the community utilized heavily because the service was used by 18,000 riders on a daily basis. Public library networks have become a common target for ransomware attacks in recent years. This is because cybercriminals also perceive public libraries as high-stakes targets since community members depend on them for internet access to their catalogs and other digital services, creating a challenge where an organization may feel pressured into paying a ransom demand to resume operations. Such attacks also include national and city library networks in North America. 

The current threat environment has led to calls for developing targeted programs within the government in the United States that would evaluate risks for libraries' cybersecurity environments. This involves enhancing data sharing related to cyber attacks and providing libraries with more support and advanced services from firewalls that target libraries specifically. 

The increasing digitization efforts by libraries as government institutions further solidify that a breach such as that which Pierce County experienced is a reminder that a continued investment in cybersecurity measures is a necessity.
Read more »
OnSolve ransomware
CodeRED breach Crisis24 cyberattack Cyber Attacks emergency alert system outage INC Ransom gang OnSolve ransomware

Crisis24’s CodeRED System Hit by Cyberattack, Forcing Shutdown and Data Rebuild After Ransomware Breach

 

Risk management firm Crisis24 has revealed that its OnSolve CodeRED emergency alert platform was compromised in a cyberattack that disrupted notification systems for numerous U.S. state and local agencies, including police and fire departments.

CodeRED is widely used to issue public alerts during critical incidents. Following the intrusion, Crisis24 was forced to take its legacy CodeRED infrastructure offline, which led to significant service interruptions for organizations that depend on the system for emergency messages, weather notifications, and other critical alerts.

According to statements and an FAQ shared with affected customers, Crisis24’s investigation found that the incident was isolated to the CodeRED environment, with no impact on the company’s other systems. However, the company confirmed that attackers exfiltrated customer data, including names, home addresses, email IDs, phone numbers, and passwords associated with CodeRED user profiles. Crisis24 says it has not seen evidence that this stolen information has been released publicly.

The City of University Park, Texas, echoed this in a public notice, stating:
"CodeRED has informed us that while there are indications that data was taken from the system, at this time, there is no evidence that this information has been posted online."

Because the attack severely damaged the platform, Crisis24 is now rebuilding CodeRED by restoring backups into a newly launched environment. The available backup was dated March 31, 2025, meaning some user accounts and data may be missing as the system comes back online.

Agencies across the country—counties, cities, and public safety departments—have been informing residents of service disruptions and working to restore their emergency alert capabilities.

Although Crisis24 attributed the attack to an “organized cybercriminal group,” BleepingComputer has confirmed that the INC Ransomware gang has taken responsibility. The group added an entry for OnSolve on its Tor-based leak site and shared screenshots displaying what appear to be customer emails and passwords in clear text.

INC Ransom claims it infiltrated OnSolve’s systems on November 1, 2025, followed by file encryption on November 10. After not receiving a ransom payment, the group says it is now attempting to sell the stolen data.

Because the leaked passwords are shown in readable text, customers are urged to reset any CodeRED passwords used on other platforms.

INC Ransom is a ransomware-as-a-service (RaaS) operation that emerged in July 2023 and has since attacked organizations around the world. Its victims span multiple industries, including education, healthcare, government agencies, Yamaha Motor Philippines, Scotland’s NHS, retail giant Ahold Delhaize, and Xerox Business Solutions in the U.S.
Read more »
Subscribe to: Comments (Atom)