California union confirms ransomware attack following LockBit claims

One of the largest unions in California confirmed this week that it is dealing with network disruptions due to a cyber incident following claims of an attack last month by a notorious ransomware gang.

Service Employees International Union (SEIU) Local 1000 represents nearly 100,000 state employees in California across more than 2,000 worksites in the state.

Last month, the LockBit ransomware gang said it stole 308 gigabytes of data from the union that included employee Social Security numbers, salary information, financial documents and more.

The organization did not respond to repeated requests for comment but addressed the issue in a public statement this week, confirming that on January 18 they “experienced a network disruption by an outside actor.”

“As we investigated the incident we learned that it was caused by certain data being encrypted. We are aware of the discussion happening on social media about the type of attack we are purported to have had and the actor by whom it was apparently done,” they said in reference to LockBit’s claims.

“We are currently working with outside experts to ensure ongoing network security and assist and advise as we continue to restore our operations. This incident was a criminal cyber act and is being treated as such as we assist law enforcement.”

The organization is in the process of determining what personal information was stolen or accessed during the attack and plans to notify anyone affected. Free credit monitoring and identity theft protection services will be offered to victims, they added.

The attack “has caused concern and also inconvenience” but work has proceeded in spite of the outages. State agencies have continued to work with them on ongoing bargaining issues, cases, grievances, hearings, and meetings.

“As we fully bring our systems back online, we have never stopped fighting for the rights of state workers,” the statement explained. “Coordinated attacks against unions come from a number of anti-worker groups, and we will not let this one distract us from the important issues that face us with the State, the budget process or any of the upcoming political primary battles.”

The organization’s website now included a banner notifying people of the network disruptions and providing a phone number for those with questions.

Institutions in California continue to face a barrage of cyberattacks, from ransomware gangs like LockBit and other groups. At least seven cities, including San Francisco, Oakland and Hayward, have been hit by ransomware attacks and hackers have pilfered data from the California’s Public Employees' Retirement System (CalPERS) as well as a California-based company that controls 16 hospitals across the country and a major pro bono law firm.