Qilin ransomware group claims breach of TWU Local 100 in New York

Data allegedly leaked to dark web; union represents 41,000 workers and 26,000 retirees

Stolen PII could fuel phishing and fraud; members urged to stay vigilant

The dreaded Qilin ransomware operators has added the Transport Workers Union of America (TWU) Local 100 chapter to its data leak site, saying it broke into the organization and has already leaked everything it stole onto the dark web.

The Local 100 chapter of the TWU is the local union which represents tens of thousands of transportation workers in and around New York City, including people who operate and maintain the subways, buses, and other transit services, as well as workers at some private bus and ferry companies.

It primarily organizes workers for representation and labor rights with different employers, such as the Metropolitan Transportation Authority (MTA), or various private operators. It negotiates contracts, handles grievances, advocates for better pay and working conditions, and more.

What kind of data was stored?

Qilin is a Russia-linked ransomware operator, blamed for some of the more disruptive attacks in recent history.

Qilin did not say exactly how much data it stole, what it contains, or how many people are affected - but in total, TWA Local 100 represents roughly 41,000 workers and 26,000 retirees.

Cybernews notes unions are often a high-value target due to the “prolific amounts” of sensitive data they hold on their workers. The Local 100’s website says it collects and keeps personally identifiable information (PII) such as full names, basic contact information, job titles, and salary information, medical and insurance benefits, as well as retirement and pension planning. However, it also keeps data on services such as housing assistance, safety and health, grievances and disciplinary actions, and more.

Cybercriminals can use this information to create highly convincing phishing emails, through which they can trick the victims into sharing valuable login details, or even making fraudulent wire transfers. Potential victims should be careful with incoming email messages, especially those claiming to be coming from the TWU and carrying a sense of urgency.

