Cyber Incident Victim: Union County, NJ
Date: Mar 2025
Location: United States of America
Summary
Union County detected ransomware on its network and promptly launched an investigation with third‑party cybersecurity consultants and federal law enforcement. The breach exposed personal data, including Social Security numbers and driver’s license numbers, primarily of individuals connected to law enforcement, court activities, and other county business. In response, the county deployed enhanced detection tools, activated endpoint monitoring, reset enterprise passwords, and tightened external network access controls. Affected individuals will receive written notices and be offered complimentary credit monitoring once the data review is completed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 13 2025, Union County’s information technology team detected ransomware activity on the county’s computer network and immediately initiated an incident response protocol. The county enlisted nationally recognized third‑party cybersecurity and data forensics consultants to assist with securing the environment and beginning a forensic investigation. Simultaneously, county officials notified federal law enforcement agencies of the breach and alerted the Union County District Attorney to ensure coordination with criminal authorities. The county’s leadership stated that the primary objectives were to maintain essential services, protect the data under its stewardship, and restore systems as quickly and safely as possible.

By March 17 2025, the ongoing investigation revealed that unauthorized actors had exfiltrated certain data from the network, and the compromised information appeared to be primarily associated with individuals involved in county law enforcement, court‑related matters, or other county business. Although the investigation remained active, the county determined at that juncture that the stolen data could include Social Security numbers and driver’s license numbers. The county emphasized that the review of the exfiltrated dataset was still underway to precisely identify what information had been taken, which individuals were affected, and where those individuals resided. No ransomware group had claimed responsibility for the incident as of the early stages of the investigation.

In response to the confirmed data exposure, the county deployed additional security tools designed to improve threat detection and accelerate incident response, began continuous endpoint‑based monitoring of its network, performed an enterprise‑wide password reset, and tightened restrictions on external network access. The county also committed to issuing written notices to all potentially affected individuals once the data review was completed and indicated that it would offer complimentary credit monitoring services where appropriate. Officials noted that they would continue to cooperate with law enforcement and adhere to Pennsylvania’s breach notification requirements while working to enhance the overall security posture of the county’s information systems.
