- Qilin Ransomware Group Claims Breach of TWU Local 100 in New York
- Data allegedly leaked on the dark web; the union represents 41,000 workers and 26,000 retirees
- Stolen personal information could fuel phishing and fraud; members are urged to remain vigilant
The dreaded Qilin ransomware operators have added the Transport Workers Union of America (TWU) Local Chapter 100 to its data leak site, claiming it broke into the organization and has already leaked everything it stole to the dark web.
TWU Local 100 is the local union that represents tens of thousands of transportation workers in and around New York City, including people who operate and maintain subways, buses and other mass transit services, as well as workers for some private bus and ferry companies.
It primarily organizes workers for representation and labor rights with different employers, such as the Metropolitan Transportation Authority (MTA) or various private operators. He negotiates contracts, handles grievances, advocates for better wages and working conditions, and much more.
What type of data was stored?
Qilin is a Russia-linked ransomware operator accused of being responsible for some of the most disruptive attacks in recent history.
Qilin didn’t say exactly how much data was stolen, what it contains, or how many people are affected — but in total, TWA Local 100 represents about 41,000 workers and 26,000 retirees.
Cybernews notes that unions are often a high-value target because of the “prolific amounts” of sensitive data they hold on their workers. Local 100’s website says it collects and maintains personally identifiable information (PII) such as full names, basic contact information, job titles and salary information, medical and insurance benefits, and retirement and pension planning. However, it also maintains data on services such as housing assistance, safety and health, grievances and disciplinary actions, etc.
Cybercriminals can use this information to create highly convincing phishing emails, where they can trick victims into sharing valuable login credentials or even making fraudulent wire transfers. Potential victims should be careful of incoming email messages, especially those that claim to be from TWU and convey a sense of urgency.

Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.






















