US private prison operator comes clean about ransomware attack in August
The GEO Group, a company that runs prisons and detention centres in the USA, was a victim of a ransomware attack on August 19 this year. The company, which operates several penitentiaries and detention centres for illegal immigrants, had its prisoner data leaked after the attack.
GEO Group confirmed that the hackers had stolen and leaked personal data of inmates and residents. These inhabitants were living in South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, and a facility in California, which is now closed.
“GEO implemented several containment and remediation measures to address the incident, restore its systems and reinforce the security of its networks and information technology systems,” the company said in a statement.
The lost data was eventually recovered. However, the company did not clarify whether this was done through counteroffensive measures or by paying the ransomware group responsible. GEO Group attested to the hack in its latest SEC filing this week and stated that no operations, businesses, or finances were affected.
The leaked details of each individual could include names, addresses, dates of birth, Social Security numbers, driver's license details, and healthcare details. The company is currently notifying everybody whose data was leaked by the hackers.
The company continued to downplay the attack, stating that only a handful of its 123 centres, across the USA, Australia, South Africa, and the UK, had been affected. However, it is important to know that GEO Group made more than half of its revenue in 2019 in the USA.
The company currently claims in its SEC filing that the leaked information has not been misused yet. However, such data leaks can be very harmful, as they can aid hackers in their impersonation-powered phishing scams.
Regrettably, GEO Group did not confirm the ransom amount demanded or the identity of the ransomware group. It also made no comment about the number of people whose credentials were stolen and leaked.