The city of Santee, California, has been dealing with a data security incident for the past four months, which involved the theft or encryption of company property. The city hired an attorney who revealed that the incident led to a $603,000 contract with a company specializing in ransomware to try to recover the stolen data.
City officials have been tight-lipped about the investigation, refusing to disclose details about the data involved, whether there was a ransom demand, or when the investigation might conclude. City Manager Marlene Best stated that they are still in the process of working on the investigation and reiterated that there were no public safety concerns related to the incident.
The only official statement released by the city in September mentioned that the cyber incident impacted the computer network servicing administration offices for the city. It assured the public that there were no issues with systems supporting 911 services and that the city remained open for business throughout the incident.
Three days after the incident occurred on August 20, the city signed a contract with Coveware, a company specializing in ransomware recovery. The original contract was heavily redacted, but it was later released to the public after being requested by the San Diego Union-Tribune’s attorney. The contract indicated that Coveware was hired to recover the stolen property, but the specific services provided were not detailed.
Cybersecurity experts have weighed in on the incident, speculating about the possible motives behind the data theft and encryption. Threat intelligence analyst Luke Connolly highlighted the various ways in which data encryption can be defeated, such as through technical expertise or law enforcement intervention. He also noted the concerning trend of organizations paying ransoms to cybercriminals, which only perpetuates further attacks.
The incident in Santee is not an isolated case, as cyber attacks targeting organizations, including health care systems and government entities, have been on the rise in recent years. The health care sector has been a frequent target of cyber attacks, with incidents more than doubling between 2022 and 2023. Government entities, like the city of Borger in Texas, have also fallen victim to cyber attacks, causing disruptions to critical services like water supply.
The cyber incident in Santee serves as a reminder of the growing threats posed by cybercriminals and the importance of robust cybersecurity measures to protect sensitive data. As investigations continue, the city is focused on addressing the issue and ensuring the safety and security of its systems moving forward.