NYC transit workers hit by Qilin ransomware - thousands of members possibly affected

News
By published

Qilin hits the Local 100 of TWA

Code Skull
(Image credit: Shutterstock)
  • Qilin ransomware group claims breach of TWU Local 100 in New York
  • Data allegedly leaked to dark web; union represents 41,000 workers and 26,000 retirees
  • Stolen PII could fuel phishing and fraud; members urged to stay vigilant

The dreaded Qilin ransomware operators has added the Transport Workers Union of America (TWU) Local 100 chapter to its data leak site, saying it broke into the organization and has already leaked everything it stole onto the dark web.

The Local 100 chapter of the TWU is the local union which represents tens of thousands of transportation workers in and around New York City, including people who operate and maintain the subways, buses, and other transit services, as well as workers at some private bus and ferry companies.

It primarily organizes workers for representation and labor rights with different employers, such as the Metropolitan Transportation Authority (MTA), or various private operators. It negotiates contracts, handles grievances, advocates for better pay and working conditions, and more.

What kind of data was stored?

Qilin is a Russia-linked ransomware operator, blamed for some of the more disruptive attacks in recent history.

Qilin did not say exactly how much data it stole, what it contains, or how many people are affected - but in total, TWA Local 100 represents roughly 41,000 workers and 26,000 retirees.

Cybernews notes unions are often a high-value target due to the “prolific amounts” of sensitive data they hold on their workers. The Local 100’s website says it collects and keeps personally identifiable information (PII) such as full names, basic contact information, job titles, and salary information, medical and insurance benefits, as well as retirement and pension planning. However, it also keeps data on services such as housing assistance, safety and health, grievances and disciplinary actions, and more.

Cybercriminals can use this information to create highly convincing phishing emails, through which they can trick the victims into sharing valuable login details, or even making fraudulent wire transfers. Potential victims should be careful with incoming email messages, especially those claiming to be coming from the TWU and carrying a sense of urgency.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.