The county government has been very quiet about the recent hack of its domain plumascounty.us. Plumas News was first to tell us about the situation on November 16, 2021, simultaneously with a security expert who posted on Twitter that plumascounty.us had been hacked using lockbit 2.0, a ransomware service-for-hire that is used mostly by Russian gangs seeking to extort domain owners by encrypting their files and threatening to publish information on the internet unless a ransom is paid. I started to wonder why we were not receiving more information and how long this had been going on. After all, every single resident and employee of our county entrusts our county government with details about our lives, whether it’s relating to property taxes, payroll, child support payments, or any number of other transactions full of sensitive personal information.
Looking at the web security service Hacknotice, I saw that the first notice of the hack was published online on November 6, 2021. What was happening during those 10 days between November 6 and November 16? Did the county inform its employees and government partners of the loss of data? We deserve more details than the obfuscation Mr. Hydrick has been practicing, especially if tax dollars were used to pay a ransom. We also deserve better management of our information. A whole series of failures had to occur before the county lost control of its data. Ransomware is most commonly spread by emails that trick people into giving up access to a vulnerable system that doesn’t prevent mass upload of data to outside servers and is not properly backed up.
What is the county doing to prevent another attack? When will the county notify people whether their personal information was stolen? Thank you Plumas News for staying with this story.