When did the Gloucester County ransomware attack occur?

The BlackSuit ransomware group breached Gloucester County systems on April 22, 2025, encrypting servers and demanding a ransom payment.

Which ransomware group was responsible for the Gloucester County attack?

The attack was claimed by the BlackSuit ransomware group, which encrypted county servers and demanded a ransom payment that the county refused to pay.

What personal information was compromised in the Gloucester County breach?

The exposed data includes Social Security numbers, names, driver's license numbers, bank account information, health insurance numbers, and medical information of current and former county employees.

Did Gloucester County pay the ransom demanded by BlackSuit?

No, Gloucester County refused to negotiate or pay the ransom demanded by the BlackSuit ransomware group after they encrypted county servers and demanded payment.

How did Gloucester County respond to the ransomware attack?

Gloucester County shut down affected systems and hired external cybersecurity experts to assist with the investigation and recovery process. The county also notified authorities, including the FBI's Cyber Crimes Division and the Virginia State Police Cyber Fusion Center.

When were affected employees notified about the Gloucester County breach?

Gloucester County sent formal breach notifications to affected employees in July 2025, approximately three months after the April 2025 ransomware attack occurred.

What support is Gloucester County providing to affected employees?

Gloucester County is offering identity theft protection services to affected employees for a 24-month period to help protect against potential misuse of their compromised personal information.

Who was targeted in the Gloucester County ransomware attack?

The attack specifically targeted current and former county employees of Gloucester County, Virginia. All 3,527 affected individuals were people who worked or had previously worked for the county government.

What should affected Gloucester County employees do to protect themselves?

Affected employees should take advantage of the free 24-month identity theft protection services offered by the county, monitor their financial accounts and credit reports for suspicious activity, be cautious of phishing attempts, and report any unauthorized use of their personal information to authorities and financial institutions.

What is the BlackSuit ransomware group?

BlackSuit is a ransomware group that encrypts victims' files and demands payment for decryption keys. The group has been known to target government entities and organizations, encrypting systems and demanding ransom payments in exchange for restoring access to compromised data.

What types of sensitive information were at risk in this attack?

The attack put various types of highly sensitive information at risk including Social Security numbers, driver's license numbers, bank account information, health insurance numbers, and medical information - all of which could be used for identity theft, financial fraud, and medical identity theft.

How long after the attack were employees notified?

There was approximately a three-month delay between the April 2025 ransomware attack and the July 2025 formal breach notifications sent to affected employees, which allowed time for investigation and assessment of the full scope of the compromise.

What should people do if they are former Gloucester County employees?

Former Gloucester County employees should watch for breach notification letters from the county, monitor their credit reports and financial accounts for suspicious activity, take advantage of the offered identity theft protection services, and be particularly vigilant for any signs of identity theft or financial fraud using their compromised information.

Incident

Ransomware attack on Gloucester County Virginia exposes employee personal data

Q: Which law enforcement agencies were notified about the Gloucester County attack?

The county notified several authorities including the FBI's Cyber Crimes Division and the Virginia State Police Cyber Fusion Center to assist with the investigation and response to the ransomware attack.

published: July 3, 2025

Learn More

Gloucester County, Virginia, was hit by a ransomware attack in April 2025 that compromised sensitive personal information belonging to 3,527 current and former county employees.

Gloucester County shut down affected systems and hired external cybersecurity experts to assist with the investigation and recovery process. The authorities were also notified, including the FBI's Cyber Crimes Division and the Virginia State Police Cyber Fusion Center.

The attack was claimed by the BlackSuit ransomware group, which breached county systems on April 22, 2025, encrypted servers and demanded a ransom payment. The county refused to negotiate or pay the ransom. The exposed data includes:

Social Security numbers
Names
Driver's license numbers
Bank account information
Health insurance numbers
Medical information

The attack affected 3,527 individuals, all of whom were current or former county employees working for this Virginia jurisdiction.

Gloucester County sent formal breach notifications to affected employees in July 2025. The county offers identity theft protection services through for a 24-month period.

Ransomware attack on Gloucester County Virginia exposes employee personal data

Read More
Play Ransomware gang claims attack on Chicago radio …
Ransomware attack disrupts health system network in Micronesia's …
PDCM Insurance hit by ransomware attack, exposes employee …
Groupe IDEA hit by LockBit ransomware gang attack …
Israeli hospital hit by ransomware attack during Yom …