{ "id": "22f53323-4727-4db8-a593-c40f82d87196", "created_at": "2026-04-06T00:07:34.98306Z", "updated_at": "2026-04-10T13:11:30.464112Z", "deleted_at": null, "sha1_hash": "493adde4f14a69e55a618de876f56a1e5d7abbba", "title": "DC city agency says LockBit claims tied to third-party attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 75595, "plain_text": "DC city agency says LockBit claims tied to third-party attack\r\nBy Jonathan Greig\r\nPublished: 2024-04-19 · Archived: 2026-04-05 15:29:00 UTC\r\nA Washington, D.C., government agency confirmed that data stolen and leaked by the LockBit ransomware gang\r\nwas taken from a third-party technology provider.\r\nOn April 13, the LockBit ransomware gang claimed it attacked the D.C. Department of Insurance, Securities and\r\nBanking (DISB) and stole 800GB of data. DISB is a regulatory agency designed to protect consumers from abuses\r\nby financial institutions like insurance companies, investment firms, banks and mortgage lenders.\r\nLockBit said on Thursday evening that negotiations had broken down and it planned to leak 1GB of data in order\r\nto further push the organization into paying a ransom. \r\nAfter repeated requests for comment throughout the week, DISB responded to an inquiry on Friday morning,\r\ndirecting Recorded Future News to a statement and declining to comment further on the incident.\r\nThe statement says DISB was notified by third-party software provider Tyler Technologies that it “has\r\nexperienced a data breach related to securities data.” \r\n“Tyler Technologies discovered unauthorized access to their cloud that stores DISB’s STAR system client data,”\r\nDISB said, directing people to an alert from Tyler Technologies. \r\nTyler Technologies is a public company that serves government agencies and schools around the world, reporting\r\na revenue of $1.95 billion in 2023. \r\nCompany officials explained that late last month its IT team discovered “unauthorized activity in an isolated\r\nsegment of a private cloud hosting environment that stored limited STAR system client data.” \r\n“We immediately took the system offline and have been in close contact with affected clients. In coordination with\r\nthird-party experts, we launched an incident response investigation,” they said. \r\n“In parallel, our security and technical support teams began working to restore system access in a safe and secure\r\nmanner. Known, good (immutable) backups were available, and recovery of the application environment and\r\nassociated data have been a focus for Tyler since we discovered this situation. Our investigation found that a threat\r\nactor encrypted the system and acquired data.”\r\nIn an update published on Friday, Tyler Technologies confirmed that LockBit released some of the information\r\ntaken from the STAR system. \r\nThe company said it has been in contact with law enforcement about the issue and has hired a cybersecurity firm\r\nto investigate.  \r\nhttps://therecord.media/dc-city-agency-ransomware-attack-lockbit\r\nPage 1 of 3\n\nThe company did not respond to requests for comment about whether it  had been negotiating with LockBit or if a\r\nransom would be paid. It is unclear whether other clients of the company were affected by the attack. \r\nIn an FAQ alongside the statement, Tyler Technologies confirmed that it is likely the ransomware gang stole\r\npersonal information and it is currently “working to identify which individuals’ personally identifiable information\r\n(PII) may have been acquired by the threat actor.”\r\nThe company said this incident is not tied to a September 2020 data breach where hackers accessed internal phone\r\nand information technology systems. \r\nDISB is the latest Washington, D.C., government organization to face a data theft incident following an attack on\r\nthe city’s healthcare exchange platform last year that saw sensitive information of thousands — including\r\nCongress members and staff — leaked.\r\nThousands of people who signed up for DC Health Link — a health insurance marketplace for city residents —-\r\nhad their names, ID numbers, policy IDs, Social Security numbers and more accessed by hackers and eventually\r\nleaked.\r\nOfficials at Washington, D.C.’s Board of Elections (DCBOE) also confirmed in October that hackers accessed the\r\ncity’s voter rolls, which includes personal information such as partial Social Security numbers and driver’s license\r\nnumbers.\r\nDespite a widely publicized international law enforcement takedown in February, LockBit has continued to launch\r\nsuccessful ransomware attacks. A Nasdaq-listed pharmaceutical development company and a prominent South\r\nAfrican company were LockBit victims last month. \r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/dc-city-agency-ransomware-attack-lockbit\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/dc-city-agency-ransomware-attack-lockbit\r\nhttps://therecord.media/dc-city-agency-ransomware-attack-lockbit\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://therecord.media/dc-city-agency-ransomware-attack-lockbit" ], "report_names": [ "dc-city-agency-ransomware-attack-lockbit" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434054, "ts_updated_at": 1775826690, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/493adde4f14a69e55a618de876f56a1e5d7abbba.pdf", "text": "https://archive.orkl.eu/493adde4f14a69e55a618de876f56a1e5d7abbba.txt", "img": "https://archive.orkl.eu/493adde4f14a69e55a618de876f56a1e5d7abbba.jpg" } }