The GEO Group, Inc. (GEO), a publicly held company located in Boca Raton Florida, announced on November 3, 2020, that it is beginning to notify individuals following a ransomware attack that “impacted a limited amount of personally identifiable information and protected health information for some inmates and residents contained on certain servers for a small number of facilities including the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville Pennsylvania, and a now close facility in California. The incident also impacted two corporate servers with employee data.”

According to the statement on its website, the GEO Group is “not aware of any fraud or misuse of information as result of this incident.”

The ransomware attack was discovered by GEO on August 19, 2020. It thereafter launched an investigation with cybersecurity firms and law enforcement. According to the website notice, “the company recovered its critical operating data and, based on its assessment and on the information currently known and obtained through the investigation, the Company does not believe the incident will have a material impact on its business, operations or financial results.”

GEO is a publicly traded organization that “is a fully integrated equity real estate investment trust specializing in the design, financing, development and operation of secure facilities, processing centers, and community reentry centers in the United States, Australia, South Africa, and the United Kingdom. GEO is a leading provider of enhanced in-custody rehabilitation, post-release support, electronic monitoring, and community-based programs.” It owns or manages 123 facilities totaling approximately 93,000 beds and employing approximately 23,000 professionals. Its website states that its “diversified services platform provides unique capabilities for the delivery of educational and vocational programs, cognitive behavioral and substance abuse treatment, and faith based services across the entire corrections spectrum.”

Based upon the statement, it appears that GEO is notifying affected inmates, residents and employees of the incident.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.