Cyber Incident Victim: Bremerton Housing Authority
Date:
Sep 2016
Location:
United States of America
Summary
A Bremerton Housing Authority website breach by Brazilian hackers involved defacement with a ransom demand of $4,000 in Bitcoin, threatening client data exposure. The compromised data included client names and partial Social Security Numbers used for housing assistance waitlist tracking. The agency refused negotiations, termed the actors cyber terrorists, and notified the FBI while advising affected individuals and initiating system security upgrades. This incident highlighted a refusal to pay ransoms despite precedents of other organizations complying with similar threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 11, 2016, unidentified hackers claiming Brazilian affiliation breached the Bremerton Housing Authority's website, defacing it with an image of a SouthPark character and a Portuguese-language message. The attackers compromised a database containing client names and the last four digits of Social Security Numbers (SSNs), information used to track applicants' positions on housing assistance waitlists. Three days later on September 13, the hackers escalated their campaign by emailing the housing authority, demanding a ransom payment equivalent to $4,000 in Bitcoin (6 BTC) and threatening to publicly release both the stolen data and details of the website's vulnerabilities. Executive Director Kurt Wiest publicly declared the organization would not negotiate with what he termed "cyber terrorists," establishing a firm non-payment stance. The housing authority immediately reported the incident to the Federal Bureau of Investigation (FBI) and initiated direct communications with affected clients through security advisories regarding the potential exposure of their limited personal information.
The attackers' initial website defacement was documented by Zone-H, an online platform that archives such compromises. Forensic analysis indicated no evidence of full SSNs, financial records, or other sensitive data being exfiltrated beyond the partial identifiers. While the hackers' threats emphasized leveraging the stolen waitlist data for extortion, the housing authority focused remediation efforts on replacing legacy systems with more secure infrastructure rather than engaging with ransom demands. No subsequent public data leaks or vulnerability disclosures were confirmed following the organization's refusal to pay. Internal recovery operations prioritized system hardening measures while maintaining housing assistance services throughout the incident response period. The FBI's involvement remained focused on investigative support rather than direct incident containment, consistent with standard law enforcement protocols for cyber extortion cases targeting municipal entities.