{ "id": "bcc220fc-5ba3-4ec3-b36c-2dbe20c2602c", "created_at": "2026-04-06T00:19:31.636671Z", "updated_at": "2026-04-10T13:11:41.014064Z", "deleted_at": null, "sha1_hash": "4967275dfccfea01d6cc1d72314500488ff090d9", "title": "Virginia County Confirms Personal Information Stolen in Ransomware Attack", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 80905, "plain_text": "Virginia County Confirms Personal Information Stolen in\r\nRansomware Attack\r\nBy Ionut Arghire\r\nPublished: 2022-11-28 · Archived: 2026-04-05 14:29:34 UTC\r\nSouthampton County in Virginia last week started informing individuals that their personal information\r\nmight have been compromised in a ransomware attack.\r\nThe incident was identified in September, when a threat actor accessed a server at Southampton and encrypted the\r\ndata that was stored on it.\r\nThe county says that it took steps to contain the attack immediately after identifying it, and that it launched an\r\ninvestigation into the incident, to determine the type of data that might have been compromised.\r\nThe investigation revealed that personal information such as names, addresses, driver’s license numbers, and\r\nSocial Security numbers might have been compromised, the county says in a notification letter sent to impacted\r\nindividuals, a copy of which was submitted to the Montana Attorney General.\r\n“Although we have no conclusive evidence that the cybercriminal was successful in removing your personal\r\ninformation from Southampton’s server, out of an abundance of caution we wanted to alert you to this matter and\r\nprovide you with free credit monitoring,” the letter reads (PDF).\r\nSouthampton County also confirmed that the threat actor behind the attack has posted some of the stolen data\r\nonline.\r\nAdvertisement. Scroll to continue reading.\r\n“After Southampton recovered from this incident, a single W-2 form appeared on the dark web with the criminal\r\nclaiming that they removed sensitive data from the encrypted Southampton server. The server in question held\r\nhttps://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack\r\nPage 1 of 2\n\nsome archived County information,” the letter reads.\r\nIn September, the LockBit 3.0 gang boasted on their leaks site on the Tor network about the attack on\r\nSouthampton County.\r\nThe ransomware gang has only made public several screenshots showing mostly the names of folders allegedly\r\nstolen from the county’s systems. However, the page dedicated to Southampton also displays a ‘destroy all\r\ninformation’ button and a ‘download data at any moment’ button, both with a price tag of $90,000.\r\nRelated: California County Says Personal Information Compromised in Data Breach\r\nRelated: Toyota Discloses Data Breach Impacting Source Code, Customer Email Addresses\r\nRelated: Samsung US Says Customer Data Compromised in July Data Breach\r\nSource: https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack\r\nhttps://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack" ], "report_names": [ "virginia-county-confirms-personal-information-stolen-ransomware-attack" ], "threat_actors": [], "ts_created_at": 1775434771, "ts_updated_at": 1775826701, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4967275dfccfea01d6cc1d72314500488ff090d9.pdf", "text": "https://archive.orkl.eu/4967275dfccfea01d6cc1d72314500488ff090d9.txt", "img": "https://archive.orkl.eu/4967275dfccfea01d6cc1d72314500488ff090d9.jpg" } }