2024-07-20 13:35:01
The North Carolina State Bureau of Investigation is investigating a cyberattack on a vendor-managed system from May.
On May 13, an NC SBI agency network received an email with details about how their network had been hacked. The email came weeks after the SBI got some warnings that their agency network had been compromised.
Angie Grube with the SBI provided a statement to WRAL News, noting no personal information was accessed during the breach.
“In May, a cyberattack encrypted data on a server,” the statement read. “The incident affected a vendor-managed system. Immediately, measures were taken to repair the system. Upon detecting unusual activity, our cybersecurity team initiated protocols to mitigate the threat and secure the affected system. Fortunately, the breach did not affect other systems managed by the SBI, ensuring the security of our operations. It’s also important to note that no Personally Identifiable Information (PII) was accessed during the breach.”
“Our primary concern is the security and privacy of the sensitive information under our custody. We continue to implement additional security measures to prevent such incidents in the future and we are committed to maintaining the integrity of our systems.”
Earlier in July, WRAL News reported a Raleigh man is suing Advance Auto Parts after the company announced a data breach earlier in 2024. It was one of five major cyberattacks in 2024 impacting people in our area, with AT&T announcing an attack July 12.
Ticketmaster, CDK and the Town of Apex were also recently hit.
Former FBI agent and cyber security expert Darren Mott talked with WRAL News about what the breach actually means and who should worry.
“My guess is they had a supply chain issue,” Mott said. “All of the software and hardware that makes your network work something they had within their supply chain had a problem.”
“At this point is if they have information that the SBI has for them on cases, they maintain the concern would be was their personal data taken?”
Mott said law enforcement agencies are highly desired targets as many departments lack the resources to secure their networks very well. The SBI said none of their other systems were compromised.