Wichita County Data Breach Exposes Sensitive Information in Texas
A cyberattack targeting Wichita County, Texas, in May 2024 resulted in the exposure of sensitive personal, financial, and medical information belonging to over 47,000 residents. County officials filed breach notification documents with regulators in Texas and Maine, and posted a public notice on their website detailing the extent of the data breach.
The incident, which began on May 7th with a network disruption, remained under investigation until September 3rd, delaying the notification process. The delay, according to officials, was due to the need to “obtain missing address information to effectuate notification to affected individuals and set up the services being offered.”
The Scope of the Wichita County Cyberattack
The compromised data included a wide range of sensitive information: names, Social Security numbers (SSNs), government-issued IDs, financial account details, health insurance information, and specific medical treatment information. This extensive breach affected 47,784 individuals, representing a significant portion of the county’s roughly 130,000 residents.
The county has offered affected individuals two years of credit monitoring and CyberScan dark web monitoring to mitigate the risks associated with the data breach. Notably, county officials have not yet addressed the discrepancy between the number of affected individuals and the county’s total population.
The Medusa Ransomware Gang and the Wichita County Mounted Patrol
Adding another layer of complexity to the Wichita County cyberattack, the Medusa ransomware gang claimed responsibility for the incident at the end of May. They publicly posted what they claimed was stolen data from the Wichita County Mounted Patrol, an organization that hosts rodeo competitions.
However, cybersecurity experts noted that much of the data posted by the ransomware gang did not relate to rodeo events but appeared to originate from county systems. The county has not commented on whether the 1.5 TB of data posted by Medusa is linked to the May cyberattack. The ransomware gang demanded a $320,000 ransom, which was not paid.
A Pattern of Attacks Against US Municipalities
The Medusa ransomware gang has targeted US municipalities in the past, having attacked another government agency in Texas in April 2024 and an Illinois county the previous month. This pattern of attacks highlights the increasing vulnerability of local governments to sophisticated cyber threats. The Wichita County cyberattack serves as a stark reminder of the critical need for robust cybersecurity measures to protect sensitive resident data.
The lack of response from county officials regarding the discrepancy between the number of affected individuals and the county’s population, and the connection between the data posted by Medusa and the county’s systems, raises further concerns about the incident’s handling and potential ongoing vulnerabilities.
