Upper Merion Township, Pennsylvania officials this week confirmed they notified residents about a December 2023 data breach that compromised their personal information.
The township has not publicly disclosed number of people affected or the contents of the breached data. Upper Merion is offering victims free credit monitoring via Equifax, implying the data contained information that could be used for identity theft.
“The Township detected that some elements of our network had been affected by malware and, as a result, an unauthorized party accessed and/or acquired data from the network on December 27, 2023,” the notice (PDF) reads.
Ransomware gang Qilin claimed responsibility for the breach in January 2024, saying it stole 500 GB of data including private contracts, emails, and financial documents. The group posted a proof pack containing a sample of the allegedly stolen documents.
Upper Merion has not verified Qilin’s claim. We do not yet know whether the Township paid a ransom, how much Qilin demanded, or how attackers breached the local government’s network. Comparitech contacted Upper Merion officials for comment and will update this article if they respond.
A Facebook post by city officials on December 28, 2023 stated, “Upper Merion Township is experiencing network, email, and phone system disruptions […] the Township will be required to disconnect certain services form the Internet.”
Who is Qilin?
Qilin, also known as Agenda, is a Russia-based hacking group that mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and also offers ransomware-as-a-service to third parties. Its attacks usually involve double extortion, in which Qilin demands payment to decrypt files encrypted by its ransomware, as well as additional payment in exchange for not releasing or selling stolen data.
Comparitech researchers logged 15 confirmed ransomware attacks claimed by Qilin so far in 2024, including major attacks on The Big Issue and Synnovis. The latter disrupted health services for patients and compromised the data of 900,000 people.
Yesterday, New TSI Holdings a.k.a. New York Sports Club confirmed it was the victim of a data breach claimed by Qilin that compromised the data of nearly 20,000 people.
In 2023, we recorded 10 confirmed ransomware attacks claimed by Qilin. Its government targets included Syndicat Mixte Départemental d’Énergies de l’Ariège (France) and Court Services Victoria (Australia). Qilin’s largest attack in 2023, by number of records affected, was on Cardiovascular Consultants (484,000 records).
Ransomware attacks on US government
Ransomware attacks on local governments can disrupt public services like tax payments, billing, email and phone systems, court proceedings, permitting, welfare programs, and more. Cities are forced to pay a ransom to restore their systems and/or prevent stolen data from being sold to third parties or published online.
Comparitech tracked 66 confirmed ransomware attacks on government agencies in the US in 2024, and 79 such attacks in 2023. Other attacks confirmed in the last month include those on the Delaware Division of Libraries; Ulster, NY; Arkansas City, AR; and Richardson, TX.
Another 24 attacks on US government agencies in 2024 have been claimed by ransomware groups but not acknowledged by victims.
About Upper Merion Township
Upper Merion Township is a suburb of Philadelphia in Montgomery County, Pennsylvania. As of the 2020 census, the population is about 34,000 people and the township covers an area of 17 square miles.
Source link