At the time, Events DC said a preliminary investigation suggested “some of our staff’s sensitive information may have been compromised”.
On Friday, Events DC said in a new statement that it had recently “become aware of criminals who illegally accessed our system.” [and] published some data on the dark web,” he said, which may be related to the incident described in October. The agency said it had no indication of a new attack and did not use the term ransomware to describe the breach, although the hacker group it says is responsible uses ransomware to attack companies and obtain sensitive files.
“We are currently evaluating the apparent release of our data,” a statement from Events DC said. “While we have no indication that anyone’s information has been used to commit fraud or identity theft, we have been out of an abundance of caution to offer credit protection services to our employees at no cost. Our investigation continues.”
The statement did not specify how many of the agency’s 400 employees were affected by the breach. The agency told the Washington Business Journal in October that customer data had also been stolen, but did not respond to questions Friday about whether customers had been affected.
Hackers calling themselves BlackCat/ALPHV published what they say is 80 gigabytes of internal Events DC on Thursday. the files The set of files also contained incident and injury reports submitted by customers affected by the breach; one of those files says “DO NOT COPY or distribute this report without the prior permission of the Chief Operating Officer or the Authority’s Chief Counsel.”
The data also includes contracts, board minutes, bank statements and employee tax forms that contain sensitive information such as Social Security numbers. Among the hacked materials was a city plan to host a major sporting event at the Mall. Another file, labeled confidential, contains detailed information about arena security requirements for a major sports league.
Events DC has not confirmed the authenticity of the published documents. Angie Gates, who was named the agency’s president and CEO in October, was not available for an interview Friday afternoon.
In April, the FBI said many BlackCat/ALPHV developers and money launderers are linked to “Darkside/Blackmatter,” the Russian cybergroups responsible for last year’s cyberattacks on the Colonial Pipeline and an Iowa grain cooperative. They said that these cyber groups have been closed.
BlackCat/ALPHV has also claimed responsibility for the hacks of dozens of organizations. This week, the Department of Health and Human Services warned healthcare organizations to be on the alert, saying the group “has been known to target the healthcare and public health (HPH) sector and is expected to continue.”
Last year, hackers published hundreds of pages of alleged internal documents from the DC police department after accessing the department’s computer network; the hacking group involved in that dump, called Babuk, threatened to release more documents if they didn’t meet their demands for money.