A sophisticated ransomware attack against a San Jose-based housing advocacy group has impacted over 40,000 of its clients and staff, exposing data that includes Social Security and immigration numbers, medical records and financial information.
The Law Foundation of Silicon Valley — which provides legal services for thousands of low-income individuals and families in accessing social services — said the attack happened on Feb. 18. and also compromised driver’s license numbers, credit card information, passport and government ID numbers, taxpayer ID numbers, dates of birth and digital signatures. The name of the entity responsible is called “ALPHV,” a group known to target the healthcare and public health sector, according to the U.S. Department of Health and Human Services
“Honestly, I’m sick to my stomach about it,” said Alison Brunner, Chief Executive Officer of the Law Foundation. “We are helping people with sensitive life issues. It’s really hard to take this in.”
Brunner said none of their clients so far have informed the Law Foundation that their information was used nefariously. Information involving 42,525 people was exposed — and the organization said they waited to notify the public until a cyber security investigation was completed. Brunner said her organization will be mailing out letters in July to those impacted and additional security measures have been put in place to prevent another attack.
“We take the trust of our community and clients seriously,” she said. “We know we’re going to have to work to get back that trust.”
The Law Foundation is the second San Jose-based entity in the last two months to face a widespread cyber attack. In May, the Santa Clara Family Health Plan, a San Jose-based Medi-Cal provider, reported a data breach that exposed over a quarter million people’s sensitive information. That attack was blamed on a Russia-linked ransomware group called “Clop,” according to the U.S. Department of Health and Human Services.
Source: www.mercurynews.com