The New York City Police Department’s fingerprint database was hit with ransomware in October 2018, a local newspaper learned.

The attack
was brought in by a third-party vendor who was installing video equipment at
the NYPD’s police academy when it connected its infected computer to the police
network, according to the New
York Post
.

The initial
infection hit 23 police computers linked to the LiveScan fingerprint tracking
system, but Deputy Commissioner for Information Technology Jessica Tisch told The
Post the ransomware “never executed” but the fingerprint system was shut down
for several hours and the city reinstalled the software on about 200 computers
to ensure they were safe.

“This
incident serves as a reminder that even with good technical controls in place,
all it takes for one act of negligence by an employee or contractor such as
clicking on a link, or as in this case, plugging in an infected device into the
network
for trouble to spread rapidly,” Javvad Malik, security awareness advocate
with KnowBe4.