Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack.
The incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the data that was stored on it.
The county says that it took steps to contain the attack immediately after identifying it, and that it launched an investigation into the incident, to determine the type of data that might have been compromised.
The investigation revealed that personal information such as names, addresses, driver’s license numbers, and Social Security numbers might have been compromised, the county says in a notification letter sent to impacted individuals, a copy of which was submitted to the Montana Attorney General.
“Although we have no conclusive evidence that the cybercriminal was successful in removing your personal information from Southampton’s server, out of an abundance of caution we wanted to alert you to this matter and provide you with free credit monitoring,” the letter reads (PDF).
Southampton County also confirmed that the threat actor behind the attack has posted some of the stolen data online.
“After Southampton recovered from this incident, a single W-2 form appeared on the dark web with the criminal claiming that they removed sensitive data from the encrypted Southampton server. The server in question held some archived County information,” the letter reads.
In September, the LockBit 3.0 gang boasted on their leaks site on the Tor network about the attack on Southampton County.
The ransomware gang has only made public several screenshots showing mostly the names of folders allegedly stolen from the county’s systems. However, the page dedicated to Southampton also displays a ‘destroy all information’ button and a ‘download data at any moment’ button, both with a price tag of $90,000.
Related: California County Says Personal Information Compromised in Data Breach
Related: Toyota Discloses Data Breach Impacting Source Code, Customer Email Addresses
Related: Samsung US Says Customer Data Compromised in July Data Breach

More from Ionut Arghire
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
Latest News
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
