The New York Police Department’s (NYPD) fingerprint database was struck by ransomware resulting in the system being offline over the weekend.
According to the New York Post, the attack came about after a third party vendor was setting up a digital display, at the Queen’s police academy on October 5, when he connected a tainted computer to the network.
An unidentified infection was sent to 23 police computers linked to the LiveScan fingerprint tracking system.
Deputy Commissioner for Information Technology Jessica Tisch told the New York Post, that within hours the breach had been identified. The breach only impacted 1% of the department’s computer.
The ransomware was “never executed” but the LiveScan system was shut down and reinstalled on 200 computers citywide as a precaution.
The vendor, who remains unidentified, was not charged with any wrongdoing.
According to the state Division of Criminal Justice Services, the database contains around seven million files.
Javvad Malik, security awareness advocate at KnowBe4 said: “This incident serves as a reminder that even with good technical controls in place, all it takes for one act of negligence by an employee or contractor such as clicking on a link, or as in this case, plugging in an infected device into the network for trouble to spread rapidly.”
Peter Martini, president and co-founder at iboss told Threatpost, that the department dodged a bullet.
In a recent column, Martini said: “The catastrophic capabilities of ransomware attacks on public institutions are frankly astounding and if an attack on a major city is successfully carried out, it would likely qualify as a national emergency.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/