On their dark web blog, Quantum threat actors claim to have acquired 32 GB of files from Tehama County Social Services in California.
Quantum describes the files as involving information of county clients and employees:
Financial information, budgets, fiscal docs, contracts, HR data, resumes, payrolls, clients personal data, scans ID, scans SSN, personal info, scans certificates, incident reports, COVID vaccine cards, personal medical information, death lists, criminal record documents, Protective Custody Removal Warrants, many working documents, confidential documents, birth certificates, medication lists, children documents, court reports, client base with addresses and phones, MEDS program access, insurance documents
The attack occurred on April 9, and as media reported on April 15, the county quickly took its system offline to investigate. As of today’s date, however, if one goes to the county’s site, one can find no update or any indication that anything was ever wrong.
How can there be no notice on the site when Quantum leaked all the data and the leaked files contain sensitive and personal information?
Where is the county’s notification to the California Attorney General’s Office? Where is their notification to employees? Where is their notification to their clients or residents who applied for services? DataBreaches cannot find any such notifications or even reference to any press releases after media coverage in April of the county’s initial statement.
And who/what is Quantum Blog? They have been around for approximately one year now, but claim they are not hackers. On their “About” page, they write:
What we do
We inform the society about attacks and consequences, about information leaked to the hackers. All posts are completely free, available for all visitors to download, use and repost in any place.
What we don’t do
We aren’t hackers, we didn’t penetrate any network and didn’t take any information or document.
According to Lawrence Abrams of Bleeping Computer and the DFIR Report, however, that’s inaccurate, and Quantum does encrypt (and apparently exfiltrate, although DFIR Report had not been able to verify that in one case they discussed). DataBreaches sent an inquiry to Quantum yesterday about their role and actions in the Tehama incident, but has received no reply (as yet, anyway).
DataBreaches also sent an inquiry yesterday to TCDSS with a number of questions as to whether they notified the California Attorney General’s Office, whether they notified HSS, and whether individuals whose data had been accessed or acquired have been notified by mail. TCDSS was also asked how many people, total, had personal or protected health information accessed or acquired. No reply has been received.