Lycoming County Department of Public Safety

Lycoming County detected a ransomware attack on its computer network on August 12, prompting an immediate investigation with third-party cybersecurity experts and law enforcement, including the FBI. The breach was contained without system shutdowns, but it was later confirmed on August 18 that stolen data may include driver’s license numbers (though not Social Security numbers). The county delayed public notification until August 21 per investigator advice. Affected individuals will receive written notices and complimentary credit monitoring. The county is implementing enhanced security measures, including endpoint detection, enterprise-wide password resets, and stricter external access controls. While no critical systems were disrupted, the incident highlights vulnerabilities in government data protection, particularly for sensitive personal identifiers tied to public safety services. Neighboring Union County faced a broader breach earlier in March, exposing Social Security numbers, financial data, and Children and Youth Services records, underscoring regional cybersecurity risks.

Source: https://www.pennlive.com/news/2025/08/cyber-incident-impacts-data-held-by-public-safety-department-in-pa-county.html

TPRM report: https://www.rankiteo.com/company/lycoming-county-united-way

"id": "lyc526082825",
"linkid": "lycoming-county-united-way",
"type": "Ransomware",
"date": "3/2025",
"severity": "75",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Public Safety',
                        'location': 'Williamsport, Pennsylvania, USA',
                        'name': 'Lycoming County Department of Public Safety',
                        'type': 'Government (County)'}],
 'customer_advisories': 'Credit monitoring services offered to affected '
                        'individuals.',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Moderate (PII but no SSNs)',
                 'type_of_data_compromised': ['driver’s license numbers']},
 'date_detected': '2023-08-12',
 'date_publicly_disclosed': '2023-08-16',
 'description': 'Data held by the Lycoming County Department of Public Safety '
                'was compromised in a ransomware attack detected on August 12. '
                'The incident involved potential exfiltration of driver’s '
                'license numbers but not Social Security numbers. The county '
                'secured the network with assistance from third-party '
                'cybersecurity consultants and the FBI. No systems were shut '
                'down, and the county is offering credit monitoring to '
                'affected individuals. Remediation measures include enhancing '
                'security tools, monitoring the network, resetting passwords, '
                'and restricting external access.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'delayed public disclosure and data '
                                       'exposure',
            'data_compromised': ['driver’s license numbers'],
            'identity_theft_risk': 'Moderate (driver’s license numbers '
                                   'exposed)',
            'operational_impact': 'None (no system shutdowns reported)'},
 'investigation_status': 'Ongoing (led by FBI and third-party consultants)',
 'post_incident_analysis': {'corrective_actions': ['enhancing security tool '
                                                   'capabilities',
                                                   'active endpoint detection '
                                                   'monitoring',
                                                   'password resets',
                                                   'restricting external '
                                                   'network access']},
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'Local news report (Williamsport)'},
                {'source': 'Lycoming County official statement',
                 'url': 'https://www.lyco.org'}],
 'response': {'communication_strategy': ['public notification (delayed per '
                                         'investigator advice)',
                                         'website updates with protective '
                                         'measures for the public '
                                         '(www.lyco.org)',
                                         'written notices to affected '
                                         'individuals',
                                         'complimentary credit monitoring '
                                         'services'],
              'containment_measures': ['network secured',
                                       'endpoint detection tools deployed'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['enhancing capabilities of existing '
                                       'security tools',
                                       'active network monitoring',
                                       'enterprise-wide password reset',
                                       'strengthening restrictions for '
                                       'external network access'],
              'third_party_assistance': ['nationally recognized cybersecurity '
                                         'consultants',
                                         'data forensics consultants']},
 'stakeholder_advisories': 'Public advised via county website on protective '
                           'measures; written notices to be sent to affected '
                           'individuals.',
 'title': 'Lycoming County Department of Public Safety Cyber Incident '
          '(Ransomware Attack)',
 'type': ['ransomware', 'data breach']}