As we wrote in the previous article, BlackByte had in its hands other Augusta data exfiltrated during the cyber attack of last May 21st. We were not aware of how many there could be, after the 10 GB of proof data put online in recent days.
BlackByte let us know in an email tonight that it would soon release all of the data it still has, plus 70GB of data that we believe contains additional sensitive documents of City of Augusta citizens and employees.
(The email contains the URLs to download the 70 GB of documents)
Hello. Now all the data (about 70GB) is available and will be shared soon.
After all, the message published on the home page of their blog was clear
In all of his statements, Mayor Garnett L. Johnson never confirmed the presence of sensitive data of his citizens, but as we had already had the opportunity to write, it was clear that there were dozens and dozens of PII and PHI documents, below are just a few examples but we could really publish many more
We had remarked on the inadequacy of the IT department, or rather who in that department which is so fundamental for every public or private company had not worked diligently.
We also pointed out that many PHI and PII documents residing on the City of Augusta servers belonged to the Network Administrator or his family, as well as an unprotected Excel file with all the access credentials to his various accounts. But we had indicated other documents not protected by password: Comcast Account ID of Augusta, the IP Address, Device Name, of the Augusta Regional Airport Switches and Access Points but also a list of 2052 data relating to the employees of Augusta
- Full names
- Windows Login Account
- Department
- Email Address
This should make us think of a different type of restructuring, not just structural.
We think Mayor Garnett L. Johnson did well not to come to terms with BlackByte, but we also think the work that awaits him to restore all IT systems is not something that can happen in a few weeks.
We hope that what happened in the City of Augusta serves as a warning because the IT department is one of the pillars of every company both in the public and in the private sector.
Running for cover after the damage has already occurred serves no one, even less the citizens who should always be protected even when it comes to digital data.
The municipal administrations of each city should devote more resources to such a strategic department, for years now a large part of the sensitive documentation “travels” digitally, or resides on servers and perhaps the time has come for someone to realize this.