The Donald W. Wyatt Detention Facility in Rhode Island has disclosed a data breach impacting the personal information of roughly 2,000 inmates, staff, and vendors.
According to the correctional facility, the incident occurred in November, and involved malware being deployed on its computer systems, as well as data theft.
The investigation into the matter revealed that the attackers compromised the personal information of more than 1,450 detainees, over 430 current and former staff members, and roughly 90 outside vendors.
“At this time, we believe that various types of data were taken from the Facility’s systems and posted on the dark web, including certain financial information, certain detainees’ medical information, certain current and former staff information, and certain vendor information,” the Donald W. Wyatt Detention Facility notes in an incident notification on its website.
Some of the compromised information includes names, addresses, home and cellphone numbers, dates of birth, hire dates, job titles, and Social Security numbers.
“Individuals affected by this incident are being notified as required by law, and free credit monitoring will be offered to affected and eligible individuals,” the prison says.
The facility also notes that its investigation into the incident continues and that any additional individuals who might have been affected will be notified.
While the facility did not share details on the type of cyberattack it fell victim to, the Play ransomware group claimed responsibility for the incident in mid-November and has since made the allegedly stolen information available publicly.
Established in 1993 and located in Central Falls, Rhode Island, the Donald W. Wyatt Detention Facility is a non-profit, quasi-public prison currently operated by the Central Falls Detention Facility Corporation.