ATLANTA — Cybersecurity experts claim they have evidence that data has already been compromised from an alleged Fulton County cyberattack announced in January.
When the case was first announced, Fulton County officials previously said they were unaware that the data had been collected. County officials announced Wednesday that Fulton County’s cybersecurity incident resulted from a ransomware attack aimed at financial gain.
Related: Officials release evidence showing Fulton County cybersecurity incident was a paid ransomware attack
Now, Patrick Kelley, CEO of LEARGAS Security, says all of your iCloud data, and even former President Donald Trump and Young Thug’s lawsuit, could be compromised.
He said the countdown has begun until the hackers release more information.
Kelly printed out what she had found so far on the hacking website.
“Medical records, tried/untried cases, usernames and passwords,” Kelly said.
Kelly said the initial leaked credentials appeared to be from all departments in Fulton County.
“If you’ve ever worked, lived or done business, you’re going to be affected,” Kelly said.
Kelly said this confirms suspicions that Fulton County Commission Chairman Rob Pitts made at a news conference Wednesday that it was a ransomware attack.
“It takes about 24 to 36 hours,” Kelly said. “I think that’s the countdown now, and all the data will be released showing that Fulton County has chosen not to pay the ransom.”
Kelly blames the hackers behind Lockbit 3.0. He said they are one of the most impressive groups known for attacking high-value targets such as local governments, at a cost of millions of dollars.
“They looked at some of the memos and what happened with the city of Atlanta, and I think some of that was passed on,” Kelly said.
Nearly six years after the city’s ransomware attack, the county also experienced a ransomware attack. Mr Kelly said the new attack could mean the release of the name of a police informant, but what he was most concerned about was health records.
“Fulton County had an HIV department,” Kelly said. “And some people may not want to know about the situation.”
Kelly said it will take time for the county to figure out how big the real impact is.
“After that, it’s really up to the person to decide, but they may consider consulting a lawyer,” Kelly said.
Kelly also noted that the breach exposed a significant number of weak administrative passwords. So others should take this as a lesson and use passphrases that include numbers, symbols and two-factor authentication, he said.