Cyber Incident Victim: GEO Group

On August 19, 2020, GEO Group, a private operator of correctional and immigration detention facilities across the United States, Australia, South Africa, and the United Kingdom, experienced a ransomware attack compromising personal and health information of inmates, residents, and employees. The breach affected data from the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and a now-closed California facility. Exposed information included names, addresses, dates of birth, Social Security numbers, employee ID numbers, driver’s license details, medical treatment records, and other health-related data. GEO Group activated containment and remediation protocols to isolate the incident, restore affected systems, and strengthen network security infrastructure. The company confirmed data recovery but did not disclose whether restoration relied on backups or ransom payments to decrypt files.

GEO Group notified the U.S. Securities and Exchange Commission of the breach on August 18, 2020, asserting the incident would not materially impact business operations or financial performance. The attack compromised only a limited segment of GEO’s network, which supports 123 facilities globally. The company initiated data breach notifications to all affected individuals, detailing the scope of exposed information. U.S. government contracts constituted over 50% of GEO’s 2019 revenue, as reported in its SEC 10-K filing. Following the breach disclosure, GEO Group’s stock price declined 14% from $9.76 to $8.38 within one trading day. No operational disruptions or additional facility impacts were reported beyond the confirmed locations.