The Maryland Department of Transportation (MDOT) fell victim to a ransomware attack by the Rhysida ransomware group, which exfiltrated and is now auctioning sensitive personal data of agency employees on the dark web. The compromised data includes full names, birth dates, home addresses, driver’s licenses, passports, Social Security cards, and other confidential documents. The group set a starting bid of 30 Bitcoin (~$3 million) for the stolen data, with the auction ending within a week. MDOT confirmed an incident-related data loss, acknowledging that personal information was taken and that affected individuals would be notified. However, specific details remain undisclosed due to the ongoing investigation. The breach involved employee data, suggesting a targeted attack on internal records rather than customer information. Cybersecurity experts and law enforcement are assisting in the probe. Rhysida, active since 2023, has previously targeted government, healthcare, education, and IT sectors, indicating a pattern of high-profile attacks. The breach poses significant reputational, financial, and operational risks to MDOT, with potential long-term consequences for employee trust and agency security protocols.
TPRM report: https://www.rankiteo.com/company/maryland-department-of-transportation
"id": "mar3332133092625",
"linkid": "maryland-department-of-transportation",
"type": "Ransomware",
"date": "6/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'transportation',
                        'location': 'Maryland, USA',
                        'name': 'Maryland Department of Transportation (MDOT)',
                        'type': 'government agency'}],
 'customer_advisories': 'Affected individuals will be notified.',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['images of IDs', 'documents'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes SSN, passports, '
                                        'driver’s licenses)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'government-issued IDs',
                                              'employee records']},
 'description': 'A ransomware group, Rhysida, claims it hacked the Maryland '
                'Department of Transportation (MDOT) and is selling sensitive '
                'personal data of employees on the dark web. The data includes '
                'full names, birth dates, home addresses, driver’s licenses, '
                'passports, Social Security cards, and other sensitive '
                'documents. The auction for the data has a starting price of '
                '30 Bitcoin (~$3 million) and ends in less than a week. MDOT '
                "confirmed an 'incident-related data loss' and is "
                'investigating with cybersecurity experts and law enforcement.',
 'impact': {'brand_reputation_impact': 'high (sensitive data auctioned on dark '
                                       'web)',
            'data_compromised': ['full names',
                                 'birth dates',
                                 'home addresses',
                                 'driver’s licenses',
                                 'passports',
                                 'Social Security cards',
                                 'other sensitive documents'],
            'identity_theft_risk': 'high (PII exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['employee PII',
                                                  'government records']},
 'investigation_status': 'ongoing (with cybersecurity experts and law '
                         'enforcement)',
 'motivation': ['financial gain', 'data theft for resale'],
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': '30 Bitcoin (~$3 million)',
                'ransomware_strain': 'Rhysida'},
 'references': [{'source': 'WTOP'},
                {'source': 'Daily Dark Web'},
                {'source': 'Cybersecurity and Infrastructure Security Agency '
                           '(CISA)'}],
 'response': {'communication_strategy': 'Affected individuals will be '
                                        'notified; no specific details '
                                        'disclosed due to ongoing '
                                        'investigation.',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['cybersecurity experts']},
 'threat_actor': 'Rhysida ransomware group',
 'title': 'Rhysida Ransomware Attack on Maryland Department of Transportation',
 'type': ['ransomware', 'data breach', 'dark web auction']}