Maryland Department of Transportation Gets Hacked, Hackers Sell Sensitive Data For Auction At $3.4M In Bitcoin

Hackers auction MDOT’s stolen data for 30 bitcoin, valued at $3.4M. Sensitive information includes SSNs, addresses, and dates of birth. State urges immediate security steps as investigation continues.

Pardon Joshua

The Maryland Department of Transportation (MDOT) has indicated that it suffered a cybersecurity incident that resulted in sensitive data loss, and that data is being auctioned on the dark web for 30 bitcoin, or about $3.4 million. 

The breach was committed by the hacking group Rhysida Ransomware, according to Dark Web Daily.

The stolen data reportedly includes extremely sensitive information such as Social Security numbers, addresses, dates of birth, and other identifying information.

The hackers are giving the state one week to find a single buyer for the data, which has raised concerns amongst state officials and cybersecurity experts.

State Response and Ongoing Investigation

In response, MDOT confirmed “incident-related data loss” associated with unauthorized access to Maryland Transit Administration systems.

Although officials have not yet given a full accounting of the impacted data, they have called for employees and transportation authority users to take security precautions immediately.

The precautions are updating passwords, turning on two-factor authentication, and making sure software systems are up to date.

The department noted that the investigation is ongoing and declined to confirm, while a spokesperson did not immediately respond to requests for comment.

Rhysida Ransomware’s Tactics and Track Record

The hacking group responsible for the breach, Rhysida, has been operational since at least 2023 and has been noted for its attacks on important industries, including healthcare, education, manufacturing, information technology, and government agencies. 

The Cybersecurity and Infrastructure Security Agency (CISA) notes the group operates by collecting sensitive data and demanding ransom payments in Bitcoin, under the threat of going public with the data. 

Using cryptocurrency lets the attackers mask the flow of funds, which they believe offers some protection from discovery by law enforcement officials.

Rising Trend in Ransomware Payments and Crackdowns

While Rhysida’s auction has raised alarm, it is part of a broader trend of escalating ransomware attacks globally. 

In 2024 alone, ransomware operators collected approximately $813 million in extortion payments, down from the $1.25 billion reported in 2023, according to blockchain analysis firm Chainalysis.

U.S. law enforcement officials are ramping up attempts to dismantle these groups, and just recently, the Department of Justice seized millions of dollars in Bitcoin from groups like Chaos. 

Broader Cybersecurity Concerns in the Crypto Ecosystem

The MDOT incident also reflects a larger wave of hacking activity affecting government agencies and the crypto industry in general.

Earlier this month, hackers hijacked an NPM JavaScript package, putting millions of crypto wallets at risk, according to a warning from Ledger’s CTO reported by UnoCrypto.

Just days later, we reported that another hacker drained $3.047 million from Safe Wallet users through a spoofed smart contract, highlighting ongoing vulnerabilities in wallet and exchange security.

These examples underscore the need for improved cybersecurity, as well as vigilance from users, as attackers exploit software vulnerabilities and use social engineering to take money and other sensitive data.
