Toni Preckwinkle is the 35th president of the Cook County Board of Commissioners, an office she has held since 2010. A dedicated and effective public servant, President Preckwinkle has worked tirelessly and collaboratively to reshape County government through increased fiscal responsibility, transparency and improved services. As the top executive in Cook County, President Preckwinkle oversees one of the nation’s largest public health and hospitals systems and one of the nation’s largest criminal justice systems. President Preckwinkle is a lifelong advocate for equity and equality, and through her work as president, has fought to improve health care access, bring increased fairness to the criminal justice system and expand employment training opportunities for some of the County’s most disadvantaged youth. Leveraging more than 30 years of political experience and leadership, President Preckwinkle has restored credibility to County government, solving for more than $2.1 billion in budget deficits, cutting $851 million in expenditures and passing balanced budgets each year of her tenure. Through the President’s leadership, Cook County used the Affordable Care Act to create CountyCare, a managed care program for Medicaid-eligible residents which now has about 330,000 members. President Preckwinkle is a nationally recognized leader in the drive to reduce unnecessary and costly detention of non-violent offenders in the criminal justice system. The pretrial population at the Cook County Jail has been reduced by more than 30 percent since she took office in 2010 and in 2017, the MacArthur Foundation awarded Cook County one of its highly competitive Safety and Justice grants in recognition of the County’s progress in criminal justice reform and to support its continued efforts. At the same time President Preckwinkle has successfully fought for juvenile justice reform, reducing the number of children tried as adults and the population in the Juvenile Temporary Detention.

Cook County A.I CyberSecurity Scoring

Cook County

Company Details

LinkedIn ID: cook-county
Employees number: 2,355
Number of followers: 4,488
NAICS: 92
Industry Type: Government Administration
Homepage: cookcountyil.gov
IP Addresses: 0
Company ID: COO_1940379
Scan Status: In-progress

Cook County Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

Cook County Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Cook County Company CyberSecurity News & History

Past Incidents: 3
Attack Types: 3

Cook County (Minnesota)
Cyber Attack
Severity: 60
Impact: 3
Seen: 8/2025
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Cook County, Minnesota, experienced a **sophisticated phishing-based cyber attack** where hackers compromised a county employee’s email via a malicious link sent from a **trusted partner organization’s legitimate account**. The breach triggered a **domino effect**, risking further phishing propagation across interconnected municipal systems. While the attack was contained using the county’s incident response plan, it disrupted operations and necessitated **coordination with state agencies** to mitigate risks. The attack exploited **AI-driven low-barrier cybercrime tools** and **dark web resources**, reflecting the escalating threat landscape targeting local governments. Though no ransomware was explicitly confirmed in this incident, the method mirrored tactics used in broader **criminal or state-sponsored campaigns**, emphasizing vulnerabilities in public-sector cybersecurity. The breach underscored the **potential for cascading impacts** across linked agencies, including emergency services, had it escalated.

Cook County
Data Leak
Severity: 85
Impact: 3
Seen: 07/2018
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Cook County failed to protect the public's personal information. The private information of anyone issued a traffic citation in the state of Illinois has been readily available to anyone who asks for it. Personal information such as birthdays, addresses, license plate numbers and more. They were able to pull up sensitive information of public officials including Chicago Mayor Rahm Emanuel and Cook County Sheriff Tom Dart. CBS also found information for everyone including celebrity athletes, federal judges, police officers and domestic violence victims.

Cook County
Ransomware
Severity: 75
Impact: 2
Seen: 6/2010
Rankiteo Explanation
Attack limited on finance or reputation

Description: Cooke County in Texas was apparently hit by a gang using REvil ransomware. Cooke County had a population of 38,437 at the last US census in 2010 and the seat of the county is in Gainesville. Malicious attackers had posted screenshots of what they claim are documents and data from the county's police department on the dark web.


Underwriter Stats for Cook County

Incidents vs Government Administration Industry Average (This Year)

Cook County has 21.95% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Cook County has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types Cook County vs Government Administration Industry Avg (This Year)

Cook County reported 1 incident this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Cook County (X = Date, Y = Severity)

Cook County cyber incidents detection timeline including parent company and subsidiaries


Cook County Similar Companies

Etat de Vaud

The canton of Vaud is more than 800,000 people living in more than 300 municipalities! Joining the Vaud cantonal administration means committing alongside nearly 40,000 people united by a single goal: serving the population. Why follow us? Dedicate your Vaudois quarter-hour to the o

State of Florida

Join Florida’s talented workforce to fulfill your professional goals and achieve a meaningful career. Our talented public servants work hard to serve more than 19 million residents across Florida, and you, too, can realize success in the Sunshine State. Working in Florida’s state government mean

Department of Health (Philippines)

The Philippine Department of Health (abbreviated as DOH; Filipino: Kagawaran ng Kalusugan) is the executive department of the Philippine government responsible for ensuring access to basic public health services by all Filipinos through the provision of quality health care and the regulation of all

State of Michigan

Every day the contributions and achievements of State of Michigan employees have a direct impact on over 10 million Michiganders across the state. If you're looking for a fulfilling career in state government that can make a real difference in the lives of others, you can find your place working wit

City of Amsterdam

Working for Amsterdam means working for the most beautiful city in the world. Think of its rich history, the role Amsterdam plays internationally, and events such as Sail, Gay Pride and King’s Day. Of course everybody wants to visit Amsterdam, or work or live here. As you can probably imagine, work

General Services Administration (GSA) is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies. Our organization includes the Public Buildings Service (PBS), Federal Acquisition Service (FAS), and a variety of S

NOAA: National Oceanic & Atmospheric Administration

Welcome! We're the National Oceanic & Atmospheric Administration or NOAA. From daily weather forecasts, severe storm warnings and climate monitoring to fisheries management, coastal restoration and supporting marine commerce, our products and services support economic vitality and affect more than

European Commission

The Commission represents and upholds the interests of the EU as a whole, and is independent of national governments. The European Commission prepares legislation for adoption by the Council (representing the member countries) and the Parliament (representing the citizens). It administers the budge

In virtually every field of work and at every job level, the Rijksoverheid offers enjoyable and engaging jobs. Vacancies can also be found throughout the Netherlands. Exactly where the opportunities lie for you depends, among other things, on your prior education. Both with an MBO or HBO diploma and with a universit


Cook County CyberSecurity News

December 13, 2025 08:00 AM
Article

Schmal, Sanchez receive Chief's Award The Lake County Public Defender's office recently recognized two Lake County staffers with The Chief's...

November 28, 2025 08:00 AM
$7,500,000 Set Aside To Offer ‘Unconditional Monetary Support’ To Residents in One US County

Millions of dollars are being allocated to help thousands of families who are struggling to make ends meet in the Midwest. The Cook County...

November 06, 2025 08:00 AM
Area students explore careers in cybersecurity at The Hub

LIMA, Ohio (WLIO) — Students from several schools in Allen and Hardin counties are taking a serious interest in cybersecurity, attending an...

November 05, 2025 08:00 AM
Berwyn IT staff warn 2026 cloud, licensing and cybersecurity costs will rise as Windows 10 devices linger

IT department staff told the Budget & Finance Committee that the city will see “significant” recurring cost increases in 2026 as cloud...

November 04, 2025 08:00 AM
Minnesota election results: School funding referendum requests

ST. PAUL, Minn. (FOX 9) - Dozens of Minnesota school districts are asking taxpayers to approve new funding, including referendum requests...

October 24, 2025 07:00 AM
Laramie County approves cybersecurity upgrades, fleet purchases

CHEYENNE, Wyo. — Laramie County commissioners voted this week to invest in high-tech cybersecurity and updated wildfire defenses,...

October 09, 2025 07:00 AM
Cook County announces Grow with Google partnership to bring scholarships to adult learners

Cook County Board President Toni Preckwinkle announced a new partnership that is expected to open doors for adult learners.

September 22, 2025 07:00 AM
Cook County Department of Emergency Management and Regional Security Announces New Executive Director

President Preckwinkle appoints Alexander Joves to lead department Cook County Board President Toni Preckwinkle has appointed Alexander Joves...

September 18, 2025 07:00 AM
What’s New in Digital Equity: Stakeholders Urge USF Reforms

Plus, a new Arizona partnership aims to expand Internet access in the state along Interstate 17; Cook County, Ill., is planning a learning...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Cook County CyberSecurity History Information

Official Website of Cook County

The official website of Cook County is http://cookcountyil.gov.

Cook County’s AI-Generated Cybersecurity Score

According to Rankiteo, Cook County’s AI-generated cybersecurity score is 728, reflecting their Moderate security posture.

How many security badges does Cook County have ?

According to Rankiteo, Cook County currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Cook County have SOC 2 Type 1 certification ?

According to Rankiteo, Cook County is not certified under SOC 2 Type 1.

Does Cook County have SOC 2 Type 2 certification ?

According to Rankiteo, Cook County does not hold a SOC 2 Type 2 certification.

Does Cook County comply with GDPR ?

According to Rankiteo, Cook County is not listed as GDPR compliant.

Does Cook County have PCI DSS certification ?

According to Rankiteo, Cook County does not currently maintain PCI DSS compliance.

Does Cook County comply with HIPAA ?

According to Rankiteo, Cook County is not compliant with HIPAA regulations.

Does Cook County have ISO 27001 certification ?

According to Rankiteo, Cook County is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Cook County

Cook County operates primarily in the Government Administration industry.

Number of Employees at Cook County

Cook County employs approximately 2,355 people worldwide.

Subsidiaries Owned by Cook County

Cook County presently has no subsidiaries across any sectors.

Cook County’s LinkedIn Followers

Cook County’s official LinkedIn profile has approximately 4,488 followers.

NAICS Classification of Cook County

Cook County is classified under the NAICS code 92, which corresponds to Public Administration.

Cook County’s Presence on Crunchbase

No, Cook County does not have a profile on Crunchbase.

Cook County’s Presence on LinkedIn

Yes, Cook County maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cook-county.

Cybersecurity Incidents Involving Cook County

As of December 16, 2025, Rankiteo reports that Cook County has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Cook County has an estimated 11,663 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Cook County ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Cyber Attack and Data Leak.

How does Cook County detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from state agencies (coordination support); containment measures (isolation of the compromised email account, communication with partner organizations); remediation measures (staff training reinforcement, technological safeguards review); a communication strategy (inter-agency coordination, public awareness via an interview with WTIP); and enhanced monitoring (implied: ongoing efforts to stay ahead of threats).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Cook County Traffic Citation Data Breach

Description: Cook County failed to protect the public's personal information. The private information of anyone issued a traffic citation in the state of Illinois has been readily available to anyone who asks for it. Personal information such as birthdays, addresses, license plate numbers and more were exposed. Sensitive information of public officials, including Chicago Mayor Rahm Emanuel and Cook County Sheriff Tom Dart, was accessible. Information for other individuals, including celebrity athletes, federal judges, police officers, and domestic violence victims, was also found.

Type: Data Breach

Incident : Ransomware

Title: Cooke County Ransomware Attack

Description: Cooke County in Texas was apparently hit by a gang using REvil ransomware. Malicious attackers had posted screenshots of what they claim are documents and data from the county's police department on the dark web.

Type: Ransomware

Threat Actor: REvil ransomware gang

Motivation: Financial gain

Incident : Phishing

Title: Cyber Attack on Cook County, Minnesota (Phishing and Potential Ransomware Threat)

Description: A sophisticated cyber attack targeted Cook County, Minnesota, where an attacker gained control of a county employee’s email address via a phishing link sent from a legitimate partner organization’s email. The incident highlights the rising trend of cyber threats against municipalities, including ransomware, denial-of-service (DoS) attacks, and state-sponsored threats. The attack exploited trust in known email addresses, creating a 'domino effect' risk. Cook County activated its incident response plan to contain the breach, emphasizing the need for staff training, technological safeguards, and inter-agency coordination. The attack underscores the growing accessibility of cybercrime tools (e.g., AI, dark web resources) and the ongoing 'arms race' between security teams and threat actors.

Type: Phishing

Attack Vector: Malicious Link in Legitimate Email, Email Account Takeover (EAT), Phishing

Vulnerability Exploited: Human Trust in Known Contacts, Lack of Multi-Factor Authentication (MFA) (implied), Insufficient Email Security Protocols

Motivation: Potentially Financial (Ransomware Context), Disruption (DoS Mentioned), Espionage or State-Sponsored (implied)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Cyber Attack.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing Link in Legitimate Partner Email.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach COO021101122

Data Compromised: Birthdays, Addresses, License plate numbers

Incident : Ransomware COO14216123

Data Compromised: Screenshots of documents and data from the county's police department

Incident : Phishing COO409081825

Data Compromised: Email account data, Potential sensitive communications (implied)

Systems Affected: Employee Email Account, Potential Connected Systems (domino effect risk)

Operational Impact: Incident Response Activation, Inter-Agency Coordination Required, Potential Disruption to Services

Brand Reputation Impact: Potential Erosion of Public Trust in Municipal Cybersecurity

Identity Theft Risk: Potential (if PII accessed via email)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Birthdays, Addresses, License Plate Numbers, Police Department Documents And Data, Email Communications and Potentially Sensitive Municipal Data.

Which entities were affected by each incident ?

Incident : Data Breach COO021101122

Entity Name: Cook County

Entity Type: Government

Industry: Public Administration

Location: Illinois, USA

Incident : Ransomware COO14216123

Entity Name: Cooke County

Entity Type: Government

Industry: Public Administration

Location: Texas, USA

Size: 38,437 residents

Incident : Phishing COO409081825

Entity Name: Cook County, Minnesota

Entity Type: Local Government/Municipality

Industry: Public Administration

Location: Cook County, Minnesota, USA

Customers Affected: Residents (potential service disruption), Partner Organizations (via compromised email)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Phishing COO409081825

Incident Response Plan Activated: True

Third Party Assistance: State Agencies (Coordination Support).

Containment Measures: Isolation of Compromised Email Account, Communication with Partner Organizations

Remediation Measures: Staff Training Reinforcement, Technological Safeguards Review

Communication Strategy: Inter-Agency Coordination, Public Awareness (via interview with WTIP)

Enhanced Monitoring: Implied (ongoing efforts to stay ahead of threats)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through State Agencies (coordination support).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach COO021101122

Type of Data Compromised: Birthdays, Addresses, License plate numbers

Sensitivity of Data: High

Incident : Ransomware COO14216123

Type of Data Compromised: Police department documents and data

Incident : Phishing COO409081825

Type of Data Compromised: Email communications, Potentially sensitive municipal data

Sensitivity of Data: Moderate to High (government communications)

Personally Identifiable Information: Potential (if emails contained PII)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Staff Training Reinforcement, Technological Safeguards Review.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through isolation of the compromised email account and communication with partner organizations.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware COO14216123

Ransomware Strain: REvil

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Phishing COO409081825

Regulatory Notifications: Potential State/Federal Reporting (implied)

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Phishing COO409081825

Lessons Learned:
  • Cyber attacks are increasingly sophisticated and target even small municipalities.
  • Trust in legitimate email sources can be exploited (domino effect risk).
  • AI and dark web tools lower the technical barrier for cybercriminals.
  • Inter-agency coordination is critical for response and prevention.
  • Critical public safety systems (e.g., 9-1-1) are prioritized for protection but remain at risk from fragmented attacks.

What recommendations were made to prevent future incidents ?

Incident : Phishing COO409081825

Recommendations:
  • Implement **Multi-Factor Authentication (MFA)** for all email accounts.
  • Conduct **regular phishing simulations** and cybersecurity training for staff.
  • Enhance **email security protocols** (e.g., link scanning, sender verification).
  • Develop **cross-agency incident response plans** for coordinated action.
  • Invest in **advanced threat detection** (e.g., behavioral analysis for anomalous email activity).
  • Monitor **dark web and AI-driven threats** proactively.
  • Segment networks to **limit lateral movement** in case of breaches.
  • Prioritize **backup and recovery systems** to mitigate ransomware risks.

What are the key lessons learned from past incidents ?

Key Lessons Learned: Cyber attacks are increasingly sophisticated and target even small municipalities; trust in legitimate email sources can be exploited (domino effect risk); AI and dark web tools lower the technical barrier for cybercriminals; inter-agency coordination is critical for response and prevention; critical public safety systems (e.g., 9-1-1) are prioritized for protection but remain at risk from fragmented attacks.

References

Where can I find more information about each incident ?

Incident : Data Breach COO021101122

Source: CBS

Incident : Phishing COO409081825

Source: WTIP North Shore Community Radio

URL: https://www.wtip.org

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the sources listed above: CBS and WTIP North Shore Community Radio (URL: https://www.wtip.org).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Phishing COO409081825

Investigation Status: Contained (per interview); no further details on forensic analysis.

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through inter-agency coordination and public awareness (via interview with WTIP).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Phishing COO409081825

Stakeholder Advisories: State agencies provided support; coordination with partner organizations.

Customer Advisories: Residents advised indirectly via public interview (WTIP).

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: state agencies provided support; coordination with partner organizations; residents advised indirectly via public interview (WTIP).

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach COO021101122

High Value Targets: Chicago Mayor Rahm Emanuel, Cook County Sheriff Tom Dart

Data Sold on Dark Web: Chicago Mayor Rahm Emanuel, Cook County Sheriff Tom Dart

Incident : Phishing COO409081825

Entry Point: Phishing Link in Legitimate Partner Email

High Value Targets: Employee Email Accounts, Potential Municipal Data

Data Sold on Dark Web: Employee Email Accounts, Potential Municipal Data

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Phishing COO409081825

Root Causes: Over-reliance on trust in known email sources; potential lack of MFA or email security layers; human error (clicking malicious link).

Corrective Actions: Reinforced staff training; review of email security protocols; enhanced inter-agency communication frameworks.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: State Agencies (Coordination Support); Implied (Ongoing Efforts to Stay Ahead of Threats).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: reinforced staff training; review of email security protocols; enhanced inter-agency communication frameworks.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the REvil ransomware gang.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were birthdays, addresses, license plate numbers; screenshots of documents and data from the county's police department; email account data; and potential sensitive communications (implied).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Employee Email Account and Potential Connected Systems (domino effect risk).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was state agencies (coordination support).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were isolation of the compromised email account and communication with partner organizations.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Screenshots of documents and data from the county's police department, addresses, license plate numbers, Email Account Data, Potential Sensitive Communications (implied) and birthdays.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that critical public safety systems (e.g., 9-1-1) are prioritized for protection but remain at risk from fragmented attacks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: invest in **advanced threat detection** (e.g., behavioral analysis for anomalous email activity); prioritize **backup and recovery systems** to mitigate ransomware risks; enhance **email security protocols** (e.g., link scanning, sender verification); segment networks to **limit lateral movement** in case of breaches; implement **Multi-Factor Authentication (MFA)** for all email accounts; monitor **dark web and AI-driven threats** proactively; conduct **regular phishing simulations** and cybersecurity training for staff; and develop **cross-agency incident response plans** for coordinated action.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are WTIP North Shore Community Radio and CBS.

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.wtip.org.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Contained (per interview); no further details on forensic analysis.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: State agencies provided support; coordination with partner organizations.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Residents advised indirectly via public interview (WTIP).

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a Phishing Link in Legitimate Partner Email.

Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cook-county' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.