December 14, 2022

The California Department of Finance has confirmed that it is looking into a “cybersecurity incident” after the prolific LockBit ransomware group claimed to have stolen confidential data from the agency.

On Monday, the LockBit ransomware gang revealed on their leak site that they had broken into the California Department of Finance and stolen databases, confidential data, financial documents, and IT documents.

To back up their claim, the hackers published a few screenshots of files they allegedly stole from the California Department of Finance’s systems. LockBit claims to have recovered “databases, confidential data, financial documents,” as well as “sexual proceedings in court.” The group posted seven screenshots totaling 75.7 gigabytes of what seem to be menial budget documents, an old contract, and a screenshot from a file directory showing multiple other document folders dated December 7 and Dec. 8.

LockBit also stated that it has given the agency until December 24 to meet its ransom demands (which have not been publicly disclosed) before publishing the stolen data.

According to the California Governor’s Office of Emergency Services (Cal OES), the California Cybersecurity Integration Center (Cal-CSIC) is responding to a cybersecurity incident involving the California Department of Finance.

The statement reads, “Upon identification of this threat, digital security and online threat-hunting experts were rapidly deployed to assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities.”

The sources for this piece include an article in BleepingComputer.