{
	"id": "f70cdd3c-c4c1-4395-bfce-c9632fcb1db0",
	"created_at": "2026-04-06T00:09:59.660566Z",
	"updated_at": "2026-04-10T13:12:30.920072Z",
	"deleted_at": null,
	"sha1_hash": "b7111c3cb9885db5a9846bc65d72c24c94d2031f",
	"title": "California union confirms ransomware attack following LockBit claims",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 72040,
	"plain_text": "California union confirms ransomware attack following LockBit\r\nclaims\r\nBy Jonathan Greig\r\nPublished: 2024-02-08 · Archived: 2026-04-05 18:23:56 UTC\r\nOne of the largest unions in California confirmed this week that it is dealing with network disruptions due to a\r\ncyber incident following claims of an attack last month by a notorious ransomware gang.\r\nService Employees International Union (SEIU) Local 1000 represents nearly 100,000 state employees in\r\nCalifornia across more than 2,000 worksites in the state.\r\nLast month, the LockBit ransomware gang said it stole 308 gigabytes of data from the union that included\r\nemployee Social Security numbers, salary information, financial documents and more.\r\nThe organization did not respond to repeated requests for comment but addressed the issue in a public statement\r\nthis week, confirming that on January 18 they “experienced a network disruption by an outside actor.”\r\n“As we investigated the incident we learned that it was caused by certain data being encrypted. We are aware of\r\nthe discussion happening on social media about the type of attack we are purported to have had and the actor by\r\nwhom it was apparently done,” they said in reference to LockBit’s claims.\r\n“We are currently working with outside experts to ensure ongoing network security and assist and advise as we\r\ncontinue to restore our operations. This incident was a criminal cyber act and is being treated as such as we assist\r\nlaw enforcement.”\r\nThe organization is in the process of determining what personal information was stolen or accessed during the\r\nattack and plans to notify anyone affected. Free credit monitoring and identity theft protection services will be\r\noffered to victims, they added.\r\nThe attack “has caused concern and also inconvenience” but work has proceeded in spite of the outages. State\r\nagencies have continued to work with them on ongoing bargaining issues, cases, grievances, hearings, and\r\nmeetings.\r\n“As we fully bring our systems back online, we have never stopped fighting for the rights of state workers,” the\r\nstatement explained. “Coordinated attacks against unions come from a number of anti-worker groups, and we will\r\nnot let this one distract us from the important issues that face us with the State, the budget process or any of the\r\nupcoming political primary battles.”\r\nThe organization’s website now included a banner notifying people of the network disruptions and providing a\r\nphone number for those with questions.\r\nhttps://therecord.media/california-union-lockbit-attack-ransomware\r\nPage 1 of 3\n\nInstitutions in California continue to face a barrage of cyberattacks, from ransomware gangs like LockBit and\r\nother groups. At least seven cities, including San Francisco, Oakland and Hayward, have been hit by ransomware\r\nattacks and hackers have pilfered data from the California’s Public Employees' Retirement System (CalPERS) as\r\nwell as a California-based company that controls 16 hospitals across the country and a major pro bono law firm.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nJonathan Greig\r\nhttps://therecord.media/california-union-lockbit-attack-ransomware\r\nPage 2 of 3\n\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/california-union-lockbit-attack-ransomware\r\nhttps://therecord.media/california-union-lockbit-attack-ransomware\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/california-union-lockbit-attack-ransomware"
	],
	"report_names": [
		"california-union-lockbit-attack-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434199,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b7111c3cb9885db5a9846bc65d72c24c94d2031f.pdf",
		"text": "https://archive.orkl.eu/b7111c3cb9885db5a9846bc65d72c24c94d2031f.txt",
		"img": "https://archive.orkl.eu/b7111c3cb9885db5a9846bc65d72c24c94d2031f.jpg"
	}
}