The New York City Police Department’s fingerprint database was hit with ransomware in October 2018, a local newspaper learned.
The attack was brought in by a third-party vendor who was installing video equipment at the NYPD’s police academy when it connected its infected computer to the police network, according to the New York Post.
The initial infection hit 23 police computers linked to the LiveScan fingerprint tracking system, but Deputy Commissioner for Information Technology Jessica Tisch told The Post the ransomware "never executed" but the fingerprint system was shut down for several hours and the city reinstalled the software on about 200 computers to ensure they were safe.
"This incident serves as a reminder that even with good technical controls in place, all it takes for one act of negligence by an employee or contractor such as clicking on a link, or as in this case, plugging in an infected device into the network for trouble to spread rapidly," Javvad Malik, security awareness advocate with KnowBe4.
The original version of this article was published on SC Media US.