Clarksville - LockBit

The City of Clarksville has started issuing data breach notifications following a data security incident that occurred in October 2023. Ransomware group, LockBit, posted the city on its data leak site in mid-November 2023.

In its notification, the City describes how an unauthorized party accessed its systems and “after an extensive forensic investigation and manual document review,” it identified those whose data could have been affected in the attack.

Personal data affected includes:

  • Name
  • Date of Birth
  • Social Security number
  • Driver’s License or State ID Number
  • Financial Account Information
  • Biometric Information
  • Payment Card number
  • US Military ID Number
  • Health Information
  • USCIS or Alien Registration Number

The elements affected varied by individual but the City is offering complimentary credit monitoring to anyone who had their SSN compromised. While it’s highly recommended to take advantage of this if your SSN is affected, everyone involved in the breach should monitor accounts and credit reports for any suspicious activity and be on high alert for any phishing emails, texts, or messages. Due to the length of time from the breach to the notification, going back through all bank statements and credit reports is also crucial.

At the moment, it is unclear how many people have been impacted by this breach, whether or not a ransom was paid, and how LockBit allegedly accessed the City’s systems. Comparitech has contacted the City for more information and we will update the article if we receive a response.

Who is LockBit?

LockBit is one of the most prolific ransomware gangs of recent years after first appearing in 2019. According to our data, LockBit is responsible for 167 confirmed ransomware attacks in the US alone. These attacks have affected at least 11.6 million records.

So far this year, LockBit is behind 16 confirmed attacks in the US with a further 139 unconfirmed claims. Among the confirmed attacks are the City of Wichita, the City of Jacksonville Beach, and Fulton County Government.

It is believed the group is based in Russia. Often, LockBit will operate a double-extortion model whereby a ransom is demanded to decrypt systems and delete any stolen data.

Ransomware attacks on US government organizations

Since 2018, 452 US government organizations are confirmed to have been impacted by ransomware attacks. These attacks have affected over 2.5 million records and have seen an average ransom of just over $560,000.

LockBit has claimed responsibility for 22 of these government-based attacks.

2024 has seen 24 confirmed attacks on US government entities so far with a further 18 still unconfirmed.

Attacks on government organizations can cause huge disruptions to key infrastructure and services, such as 911 dispatch centers, sheriff’s offices, city councils, and utilities. In 2023, we found the average government organization lost $167,798 per day in downtime.