California's finance department hit by a cyberattack

The California Department of Finance was the victim of a cyberattack, the governor's office confirmed.

The California Cybersecurity Integration Center is actively responding to a cybersecurity incident, which was proactively identified through coordination with state and federal security partners, according to California Gov. Gavin Newsom's Office of Emergency Services.

"While we cannot comment on specifics of the ongoing investigation, we can share that no state funds have been compromised," and the DOF is continuing work on the governor's preliminary budget that will be released in January, OES said in the release.

Bloomberg News

Russia-affiliated ransomware group LockBit claimed responsibility for the attacks in a blog, saying they have stolen 76GB of data, including IT and financial documents, confidential data and "sexual proceedings in court," according to InfoSecurity magazine. They threaten that if the Department of Finance doesn't pay it by Dec. 24 it will publish a cache of stolen files.

U.S. public finance issuers are seeing an increasing number of cyberattacks and issuers will need to adapt to maintain credit quality, according to an S&P Global Ratings released Tuesday.

Evolving credit risks include the changing nature of threats, rising cyber insurance costs, third-party vendor exposure, and regulatory uncertainty.

U.S. public finance issuers maintain important infrastructure and are trusted with customers' personal identifiable information and digital identities making them an increasingly attractive target, but adoption of baseline cyber security standards and frameworks still varies among state, county, and municipal governments.

"Inadequate cyber risk management and oversight that is ineffective in mitigating risk are incorporated into our rating analysis and could result in negative rating actions," said S&P credit analyst Thomas Zemetis.

California's OES, Department of Technology, California Military Department and California Highway Patrol worked together to rapidly deploy digital security and online threat-hunting experts to "assess the extent of the intrusion and to evaluate, contain and mitigate future vulnerabilities," according to OES' statement.

Newsom launched the state's first multi-year cybersecurity roadmap Cal-Secure, which strengthens the state's cybersecurity measures and prioritizes the resources to manage the most significant cyber risks and safeguard those services, according to the OES release.

The governor, in partnership with the Legislature, has advanced $260 million to bolster the state's ability to prevent and respond to cyberattacks, according to the governor's office.

That comes on top of $38.8 million included in the state's fiscal year 2021-22 budget to improve its overall security posture, improve statewide information security initiatives, analyze cyber threat intelligence and mitigate potential threats.