City of Richland data security incident

Today, ransomware group INC has posted the City of Richland, Washington, to its data leak site. This follows a recent disclosure from the City of a ‘data security incident.’

On May 17, the City of Richland posted an update to its website:

The City of Richland confirms there has been a data security event affecting our servers and systems at Benton County Emergency Services (BCES) and the City of Richland (City). This breach has potentially compromised personal information of our citizens.

Another update was posted on Monday (20) to confirm that systems had been taken offline while it was investigating the incident. While this bears all of the hallmarks of a ransomware attack, the City hasn’t yet described it as such. Comparitech has contacted it for more information and for confirmation on INC’s claims and will update this post if we receive a response.

Details from INC are also limited but the proof pack uploaded appears to contain various documents from the City.

Richland INC Ransomware

While we await further details from the City, residents and employees of Richland should be on high alert for any potential phishing messages. Monitoring accounts for any suspicious activity is also recommended.

Who is INC?

INC first appeared in July 2023 and has been confirmed as the ransomware group across 19 known attacks in the US alone. According to our data, these attacks have impacted 1.16 million records.

Six of these attacks occurred in 2024 with other victims including Otolaryngology Associates LLC, Electric Mirror, LLC, Pantana Accounting & Tax, Inc., and Rockford Public Schools. It also claimed an attack on the City of Buckeye, AZ, which caused system outages, including temporary disruptions to online bill payment, permits and parks and recreation registration.

INC was also responsible for a recent attack on Leicester City Council in the UK.

Ransomware attacks on government organizations

So far this year, we’ve tracked 52 confirmed attacks on government organizations around the world. This follows a record-breaking 206 attacks in 2023.

While the data impacted in these attacks tends to be lower than other sectors (682,100 are confirmed to have been affected in 2023 and 50,256 so far this year), these types of attacks can knock out key government systems and cause widespread disruption.

In 2023, we found the US government organization lost an average of 16.5 days in downtime to ransomware attacks.