Hendersonville cyberattack follows trend of hacker targets, security officials say
By Ed DiOrio
Click here for updates on this story
HENDERSONVILLE, North Carolina (WLOS) — Last week, the city of Hendersonville was the victim of a cybersecurity attack. An investigation is underway into the matter the city said targeted employee data.
Hendersonville City Manager John Connet issued this statement earlier this week:
The City of Hendersonville recently learned that it was a victim of a cybersecurity incident. Shortly before the Thanksgiving holiday, a threat actor group targeted software used to manage employee data. Upon learning of the issue, we began actively working with the North Carolina Joint Cybersecurity Task Force, as well as other local, state and federal law enforcement. We have also launched an investigation with third party cybersecurity professionals who regularly analyze these types of incidents. We are assessing the extent of any compromise of information as a result of this incident. We are taking this matter very seriously and continue to take significant measures to protect the information in our control. Based on our preliminary investigation, we have determined that the unauthorized party likely accessed the system and gained access to certain employee data for individuals hired before January 1, 2021. We believe the impact did not extend to other systems or customer data. Understand that our priority is the safety and security of government employees who work diligently to serve our community each and every day. We are committed to addressing the situation quickly and responsibly, by collaborating with legal counsel, technical experts, and cybersecurity professionals. At the conclusion of our investigation, we will directly contact individuals whose protected personal information may have been specifically impacted.” But this incident isn’t an outlier.
Officials from Montreat College’s Carolina Cyber Center said smaller entities are more likely to be targeted.
“It’ll be small to medium business, municipalities, colleges, churches, nonprofits, you name it,” the center’s Executive Director Larry Young said.
“It’s happening more and more than ever,” the center’s Senior Director Ed Carroll said.
According to officials, smaller organizations are more likely to be threatened because larger corporations have bigger budgets for cybersecurity measures.
“In 2022, there was over 800,000 complaints [to the FBI’s IC3 organization] launched on cyberattacks,” Carroll said. “That’s just what we know about.”
For any entity, continually updating passwords, going through training sessions and other precautionary measures can be the difference between a cyberattack being a bump in the road or the end of it.
“You have regular insurance, you wear a seat belt, you do things to protect you and your business,” Young said. “You lock the doors at night. Cyber preparedness is just as fundamental as those other items, and you must do it. The only difference between someone who [a cyberattack] destroys and someone who survives it is preparedness ahead of time.”
The center will be hosting different events related to cyber threat preparedness starting in February.
Please note: This content carries a strict local market embargo. If you share the same market as the contributor of this article, you may not use it on any platform.