Cyber Incident Victim: Family Service Rochester
Date: Dec 2016
Location: United States of America
Summary
A ransomware attack compromised portions of Family Service Rochester's computer systems, enabling unauthorized access to sensitive client information over a one-month period. The breach potentially exposed personal and medical data including names, addresses, Social Security numbers, driver's license details, insurance identifiers, and dates of birth. The organization initiated law enforcement involvement and an investigation upon discovering the encrypted files, subsequently notifying affected individuals and providing complimentary identity protection services for one year. Security enhancements were implemented following the incident to strengthen system protections.
Description
Family Service Rochester (FSR) discovered a ransomware incident on January 26, 2017, when portions of its files were found encrypted, disrupting normal operations. The organization immediately notified law enforcement and initiated a forensic investigation, which determined that unauthorized actors had gained access to its systems through a compromised user account. This access persisted for approximately one month, spanning from December 26, 2016, to January 25, 2017. The attackers exploited this window to deploy ransomware that encrypted sensitive files, though the exact method of initial account compromise remained unspecified in public disclosures. FSR's investigation confirmed that personal information stored within the affected systems was potentially accessed during this period. The organization did not disclose whether a ransom was demanded or paid, nor did it identify the specific ransomware variant involved in the attack.

The compromised systems contained varied categories of sensitive client information, including names, addresses, dates of birth, Social Security numbers, driver's license numbers, insurance identification details, and medical records. FSR began notifying affected individuals via mailed letters in February 2017, with each notification specifying which personal data elements were potentially exposed for that recipient. As remediation, the organization offered all impacted individuals one year of complimentary identity protection services through AllClear ID. FSR emphasized its commitment to data security by implementing additional safeguards to fortify its systems, though no technical details of these enhancements were publicly documented. A dedicated toll-free helpline, (855) 471-8393, was established to address victim inquiries, while the organization coordinated with law enforcement throughout the investigation. The incident prompted operational disruptions during the encryption period and required sustained recovery efforts to restore affected systems and data integrity.
