Texas county says 47,000 had SSNs, medical treatment info leaked during May cyberattack

A cyberattack in May gave hackers access to the personal, financial and medical information of more than 47,000 residents living in Wichita County, Texas. 

County officials filed breach notification documents with regulators in Texas as well as Maine and posted a notice on their website warning residents that the incident involved everything from names, Social Security numbers and government IDs to financial account information, health insurance information and some types of medical treatment information.

The incident began on May 7 when the county experienced a network disruption requiring an investigation. The investigation lasted until September 3, when officials fully learned what information was stolen and how many people were affected. 

The time delay between the investigation and the notice was because they needed “to obtain missing address information to effectuate notification to affected individuals and set up the services being offered.” 

The 47,784 victims are being given two years of credit monitoring and CyberScan dark web monitoring.

The county, located on the state’s northern border with Oklahoma, has a population of about 130,000, and officials did not respond to requests for comment about why there was a discrepancy between the people affected and the population size. 

At the end of May, the Medusa ransomware gang claimed it stole information from the Wichita County Mounted Patrol — an organization that runs rodeo competitions. 

The posting caused a stir among cybersecurity experts who noted that much of the data posted by the ransomware gang was not about rodeos but appeared to have come from county systems.  

The county did not respond to requests for comment about whether the 1.5 TB of data in that post was related to the cyberattack the county faced that same month. The ransomware gang demanded a $320,000 ransom that was not paid. 

The gang has made a point of going after U.S. municipalities, attacking another government agency in Texas in April and an Illinois county the month before.