Nir Perry, founder of Cyberwrite, a New York-based company that helps insurance agencies quantify what municipalities might need to pay out during an attack, said a minor incident could cost thousands, while a larger scale attack could cost tens of millions. The range depends on whether a ransom is requested, whether data is breached, whether notification is required and how many people are needed to respond, among other factors.
“I think, in general, municipalities are most susceptible to cyberattacks because they are less technological and they have less budgets for technology,” Perry said.
Some other Minnesota agencies have faced litigation following separate cybersecurity incidents.
The University of Minnesota announced in 2023 that a hacker had “likely gained unauthorized access” to a database containing three decades’ worth of sensitive information pertaining to applicants, students and employees. The U said it suspected the data was accessed in 2021 and faced lawsuits from people who alleged, among other things, that the university hadn’t done enough to prevent the breach.
The U and the plaintiffs have reached a tentative $5 million settlement, according to documents filed in court earlier this month. People who received notice that their data had been breached could each receive roughly $30 payments and two years of dark web monitoring services. The deal also calls for the U to commit to improving security for the database that was compromised. The agreement is expected to come up for court approval later this year.
A spokesperson for the U declined to comment but said the U would release more information after the court hearings. The court filing notes that the U is not admitting any liability or wrongdoing.
Source link
