US private prison, detention centers operator hit by ransomware attack

The victim of this ransomware attack is Geo Group that runs over 120 private prisons and illegal immigration detention centers across the globe.


The victim of this ransomware attack is Florida-based Geo Group that runs over 120 private prisons and illegal immigration detention centers in the US, UK, Australia, and South Africa.

The Geo Group suffered a ransomware attack on August 19, in which health information and personal data of residents and inmates at the Marienville, Pennsylvania-based youth facility, a South Bay Correction and Rehabilitation Facility in Florida, and a non-operational facility in California was exposed.

According to Geo, after detecting the attack, they implemented “containment and remediation measures to address the incident, restore its systems, and reinforce the security of its networks and information technology systems.”

See: Ransomware attack on top Brazilian court encrypts files, backups

On November 3, Geo revealed that hackers gained access to its network and installed ransomware. After detecting the data breach, the company immediately cut off all its connections between infected corporate servers, data centers, facilities, and the corporate office.

However, as per investigation, the attackers managed to access personal and confidential health data, including name, date of birth, address, driver’s license number, social security number, employee ID number, medical treatment data, and other such information.

Geo claims that there isn’t any evidence of fraud or misuse of private data post the breach. The company is currently sending out notifications to former and current employees and has informed the SEC (Securities and Exchange Commission) via an 8-K form stating that the incident impacts a portion of its tech systems.

Moreover, the company informed the SEC that a “limited amount of data” comprising of personally identifiable information and protected health data was accessed.

See: Police lose evidence to Ryuk ransomware attack; suspects walk free

Furthermore, the company claims that it has recovered critical operation data, and the attack didn’t impose any significant impact on its business operations or the services it is expected to offer under the contract it has with government organizations.

Based on its assessment and on the information currently known and obtained through the investigation of the incident, the Company does not believe the incident will have a material impact on its business, operations or financial results, the statement said.


Moreover, Geo Group confirmed that as per their assessment and information obtained through the investigation, the incident wouldn’t have a “material impact” on its day-to-day operations, financial results, or business performance.

The company didn’t disclose if it paid the ransom to decrypt its files of restored the data from backups.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts