D.C. police chief confirms personnel files stolen in ransomware attack

The group responsible, Babuk, said it's shutting down, though many ransomware actors simply regroup under different names.
Washington Metropolitan Police acting Chief Robert Contee speaks to the press outside the U.S. Capitol on April 2, 2021, after a man deliberately drove his car into a barricade in Washington, DC., killing one police officer and injuring another. (Eric Baradat / AFP / Getty Images)

The head of Washington, D.C.’s Metropolitan Police Department said Thursday that personnel files were among the data stolen in a ransomware attack that was reported earlier this week.

In a departmentwide memo, Acting Chief Robert Contee wrote that the more than 250 gigabytes of MPD files stolen by affiliates of the Babuk ransomware gang included documents about individual officers.

“At this time, I can confirm that HR-related files with Personally Identifiable Information (PII) were obtained,” Contee wrote.

He added that the department, along with the D.C. Office of the Chief Technology Officer, is still assessing the full scope and impact of the breach.

StateScoop reported Monday that MPD files appeared on a leak site associated with the Babuk ransomware, which first appeared in January but until this week had targeted mostly businesses, including the NBA’s Houston Rockets, and nonprofit organizations rather than government agencies. The Babuk post claimed that the trove of D.C. police documents also included arrest reports, intelligence documents and internal memos.

Contee’s memo Thursday also noted that the department is still in the process of notifying every officer or employee whose information was breached.

“We are working to identify all impacted personnel, who will be contacted directly with additional guidance,” he wrote. “I recognize this is extremely stressful and concerning to our members.”

D.C. officials have not said whether the Babuk incident also involved encryption of MPD systems, or only data theft.

On Thursday, the leak site was updated: the department’s files were removed and replaced with a note saying that Babuk would be shutting down.

“The babuk project will be closed, its source code will be made publicly available,” read a post in broken English.

Many ransomware groups that claim to “shut down” regroup under a different name.
