Detroit PBS confirms cyberattack as Qilin ransomware claims responsibility for data breach

Detroit PBS, a public non-commercial television station known for its diverse programming, has disclosed a significant cybersecurity breach involving the exfiltration of sensitive data. The station confirmed that "an unauthorized actor" had infiltrated its systems, with the Qilin ransomware group claiming responsibility for the attack. The breach led to the release of 345 gigabytes of stolen files.

The incident was first detected on September 1, 2024, as indicated in a filing with the Maine Attorney General’s office. An internal investigation revealed that certain systems within Detroit PBS had been infected with malware, preventing access to specific files. The compromised data included personal information of at least 1,694 individuals, encompassing names, addresses, and Social Security numbers.

In response to the breach, Detroit PBS conducted an extensive address lookup to ensure accurate notification of affected individuals. To mitigate the potential impact, the station has offered free credit monitoring services to those affected. In an official statement, Detroit PBS emphasized its swift response, stating, “Detroit PBS moved quickly to investigate and respond to the incident, assess the security of Detroit PBS systems, and identify potentially affected individuals. Further, Detroit PBS notified federal law enforcement regarding the event. Detroit PBS is also working to implement additional safeguards and training for its employees.”

On September 23, 2024, Qilin ransomware publicly claimed responsibility for the breach via a post on its victim site on the dark web. The group alleged that it had obtained 176,487 files amounting to 345 gigabytes of data. Screenshots provided by the cybercriminals suggest that the stolen files include invoices, financial documents, a memorandum of agreement, and other sensitive materials. Reports indicate that Detroit PBS did not comply with ransom demands, leading the attackers to release the stolen files. While Cybernews refrained from accessing the leaked data, inquiries have been sent to Detroit PBS for further clarification.

Qilin ransomware, also known as Agenda, is a Russian-speaking hacking group infamous for financially motivated cyberattacks. The group has previously targeted high-profile institutions, including hospitals in London. Operating as a ransomware-as-a-service (RaaS) syndicate, Qilin refrains from attacking entities within Russia and other Commonwealth of Independent States (CIS) countries. The group has been linked to leveraging a destructive zero-day vulnerability known as “Citrix Bleed,” which it exploits to gain unauthorized access to victims’ systems.