Constituent Platform Used by Congress Affected by Ransomware Attack
Following the Attack, 60 Members from Both Parties Have Been Unable to Access Constituent Information for Weeks.
iConstituent, a tech vendor that provides constituent outreach services to multiple House offices, including a newsletter service that enables Congress members to communicate with citizens in their districts and a service to track constituent casework, has been targeted by a ransomware cyberattack.
The platform is used everywhere across state governments in Nevada, Georgia, Hawaii, and Los Angeles. The New York State Assembly also has a contract with the organization for services.
Punchbowl News was the first to publish the news stating that the platform is used by 60 Congress members. According to Catherine Szpindor, the Chief Administrative Officer of the House, the lawmakers were informed of a ransomware incident on the platform’s e-newsletter system.
When contacted for a statement, Szpindor told Punchbowl News that there was no evidence of data being exposed or stolen from the House and that the network used by it was not impacted.
Sophos’ Senior Security Advisor John Shier declared the cyberattack was yet another case of the way ransomware threat actors use supply chains as a way of obtaining access to more important targets.
Regardless of what you do, you’re in somebody’s supply chain, whether you’re providing services directly to another party or you’re part of a larger organization or mechanism that provides services or products to other people.
The cyberattack was disclosed as the White House and law enforcement agencies take a more authoritative attitude on ransomware following disastrous incidents on JBS Foods, the world’s largest meatpacking organization, and Colonial Pipeline, the largest fuel pipeline operator in the U.S.
At the moment, it is unclear who was responsible for this latest ransomware attack.
As stated by, Rajiv Pimplaskar, chief risk officer for Veridium, departments that handle private information and client data are main targets for cybercriminals as they represent an important source of Personally Identifiable Information (PII).
The Justice Department has warned that other organizations would face ransomware cyberattacks in the future and urged critical infrastructure agencies to carry out proper cybersecurity measures to avert these incidents.