05 May 2021

Illinois AG Data Published By Hacker

The Attorney General couldn't say what data had been stolen. Looks like Illinois is about to find out.

Raoul sets up hotline on computer breach as ‘ransomware’ group posts files claimed stolen from attorney general’s office

DoppelPaymer posted 68 documents it said are from the attorney general’s office, as well as other entities they’ve hit, on a website on which a user can find “private data of the companies which were hacked by DoppelPaymer.”

According to the website, the “companies decided to keep the leakage secret. And now their time to pay is over.”

The first set of documents were published on April 21st, with more added on Thursday.

And the lawyers were told that they were doing stupid shit, but lawyers don't like it when you tell them that.

Illinois attorney general’s office was warned about weak cybersecurity before ransomware attack.

A state audit released earlier this year warned that Illinois Attorney General Kwame Raoul’s office had “weaknesses in cybersecurity” that potentially left sensitive information on the agency’s computer network “susceptible to cyberattacks and unauthorized disclosure.”

An outside audit told them that early in the year. Any guesses as to how long their IT staff has been saying the same thing?

The office told auditors its information technology department didn’t do a “comprehensive internal cybersecurity risk assessment ... due to competing priorities,” according to the report.

Translation: You want us to spend money on stuff we don't understand, and being lawyers we don't like to admit that there are things that we don't understand, so we are going to spend money in ways that we would rather spend money.

They also blame COVID, but all of the folks I know in IT have been working remotely most of the year, and some, all of the year. But at a guess I would say that the Attorney General (and company) don't like it when non-lawyers work remotely.

And so the insanity that we have today. In the end, they will spend the money on stuff the lawyers don't understand. They will probably offer up the typical "year of credit monitoring" bovine scatology that most victims of data breaches offer the people impacted. That isn't free either. (And those people will be impacted for much more than 1 year.) And in the meantime they look like a bunch of fools, who three weeks out from the breach can't even say what happened. Or maybe they are a bunch of fools...

Your tax dollars at work, indeed.

And yes, it has impacted the work of the AG's office, because lawyers are not able to access stuff that is encrypted.

Someday, companies and government agencies will take cybersecurity seriously, but today is not that day.
