Cyber Incident Victim: Disability Services of the Southwest

Date: Sep 2022

Location: United States of America

Summary

Disability Services of the Southwest experienced a ransomware attack targeting its employment and training website, where unauthorized actors encrypted files during a brief system access period. While no evidence confirmed data theft, potentially compromised information included applicant details such as names, contact information, and job preferences, alongside current and former employee data like addresses, employee IDs, and training records. Sensitive financial data and Social Security numbers remained secure as they were stored separately. The organization reported the incident to relevant authorities, including HHS, CISA, and the FBI, and subsequently enhanced its defenses with verified anti-ransomware software and updated backup infrastructure.

Description

On September 28, 2022, unauthorized individuals gained access to the employment and training website platform used by Texas-based Disability Services of the Southwest (DSSW) through a compromise of its third-party platform provider, Intermap Holdings. The attackers deployed ransomware to encrypt files within the system. Intermap Holdings detected and contained the intrusion on the same day, blocking further unauthorized activity. Forensic analysis confirmed the attackers had access only during this limited window. While investigators found no evidence confirming unauthorized data access or exfiltration, they could not definitively rule out the possibility that sensitive information was viewed or obtained during the breach.

The compromised system contained information from individuals who had submitted employment applications, including names, phone numbers, email addresses, and details about the specific jobs and locations they applied for. Current and past employee data was also potentially exposed, encompassing names, addresses, phone numbers, employee IDs, and training histories. Financial information and Social Security numbers remained unaffected as they resided on a separate system. DSSW promptly reported the incident to multiple authorities, including the U.S. Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). In response, DSSW implemented new anti-ransomware software and enhanced backup infrastructure, with the FBI validating these measures as providing robust security protections. No ransom payment was made, and the organization maintained operations without extended disruption.
