In August, Lycoming County detected a **ransomware attack** on its computer network, prompting an immediate investigation with third-party cybersecurity experts and FBI notification. While the attack was contained early—preventing system shutdowns or widespread damage—it was confirmed that **driver’s license numbers** (but not Social Security numbers) *may* have been accessed. No complaints were filed, and no individuals required breach notifications or credit monitoring. The county’s existing protections mitigated the incident, and additional safeguards were implemented to prevent recurrence. Unlike a separate, more severe breach in neighboring **Union County** (involving SSNs, financial data, and sensitive Children and Youth Services records), Lycoming County’s incident resulted in **no confirmed data exfiltration or misuse**, with the primary risk being potential exposure of non-sensitive identification data. The source of the ransomware remains undetermined.
Pennsylvania Department of Transportation (PennDOT) cybersecurity rating report: https://www.rankiteo.com/company/penndot
"id": "PEN4762247111825",
"linkid": "penndot",
"type": "Ransomware",
"date": "5/2025",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 'none (no complaints received)',
'industry': 'public safety',
'location': 'Williamsport, Pennsylvania, USA',
'name': 'Lycoming County Department of Public Safety',
'type': 'government (county department)'}],
'customer_advisories': ['written notice and complementary monitoring service '
'offered (not triggered)'],
'data_breach': {'data_exfiltration': "unconfirmed (data 'might include' "
'driver’s license numbers)',
'personally_identifiable_information': ['driver’s license '
'numbers'],
'sensitivity_of_data': 'moderate (no Social Security numbers '
'or financial data)',
'type_of_data_compromised': ['driver’s license numbers']},
'date_detected': '2024-08-12',
'description': 'Lycoming County detected ransomware on its computer network '
'on August 12. An investigation with third-party cybersecurity '
'consultants was launched. No data appears to have been '
'compromised, though driver’s license numbers may have been '
'taken. The county offered written notice and monitoring '
'services to potentially affected individuals, but neither was '
'triggered due to lack of complaints. Law enforcement, '
'including the FBI, was notified, and the network was secured '
'without system shutdowns. Additional preventive measures were '
'implemented.',
'impact': {'customer_complaints': 'none reported',
'data_compromised': ['potential driver’s license numbers'],
'identity_theft_risk': 'low (no Social Security numbers '
'compromised)',
'operational_impact': 'none (no system shutdown required)'},
'investigation_status': 'ongoing (source of ransomware not yet determined)',
'post_incident_analysis': {'corrective_actions': ['additional preventive '
'measures implemented']},
'ransomware': {'data_exfiltration': 'unconfirmed (potential driver’s license '
'numbers)'},
'references': [{'source': 'Local news article (unspecified)'}],
'response': {'communication_strategy': ['offered written notice and '
'complementary monitoring service to '
'potentially affected individuals'],
'containment_measures': ['network secured',
'ransomware caught early by existing '
'protections'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['additional steps taken to prevent '
'recurrence'],
'third_party_assistance': ['nationally recognized cybersecurity '
'and data forensics consultants']},
'title': 'Lycoming County Department of Public Safety Ransomware Incident',
'type': 'ransomware'}