MOBILE, Ala. (WALA) – The potential hit inflicted on Mobile County government computer systems two months ago appears “significant,” according to a cybersecurity expert.

Mobile County government officials acknowledged for the first time Friday that the May 24 cyberattack may have compromised sensitive employee information.

Brian Linder, a ransomware expert for the cybersecurity firm Check Point Software, told FOX10 News that his firm has reviewed a ransomware demand posted by the group purportedly responsible for the Mobile County attack. He said he cannot verify the group’s claims but added they sound plausible.

“The volume of data that was stolen during the attack was fairly significant,” he said. “It looks like 90 gigabytes of data, which is quite a bit of data. And you know, so the opportunity for those bad actors to take that data and sell it could be very concerning for, you know, anyone that had data in there.”

County officials said Friday that they intend next week to inform county employees whose data may have been compromised. They declined to provide many details about the results of the ongoing forensic examination of the attack, including how many employees might have been affected or what kinds of information was compromised.

County officials said the notifications would provide information about credit and identity protection. County Commissioner Connie Hudson said the county will provide employees as much information as possible.

“It’s better to include too much than not enough,” she said.

Linder said malware attacks can cause two different problems. First, criminals can copy valuable information that can be sold on the dark web. They also can gain control of computer systems that encrypt servers. Victims often have no choice but to pay a ransom in order regain control of their vital information.

“The county appears to have stopped the second part of that which is the encryption, but the first part, where the data was stolen, that appears to have been successful,” he said. “And now they’re trying to sell that data.”

Linder said many different kinds of computer files contain information that can be used for identity theft. He cited one city in which hackers stole police records.

“In some cases, the police records happen to have Social Security numbers, but they have driver’s license information, addresses, phone numbers,” he said. “And keep in mind that even if the personally identifiable information that was stolen is incomplete, it can be correlated with other sources to possibly, you know, be used to steal identity.”

Mobile County is not alone. There has been an enormous increase in ransomware attacks, from high-profile cases such as the Colonial Pipeline attack in May to smaller companies and governments. Linder said those attackers have become more sophisticated.

“It’s a good business model for these bad actors, which is why it has become so popular and quite frankly, tricking someone into clicking on a link or attacking a system that hasn't been patched is really not that hard to do by these bad actors,” he said. “And that's why it's so successful.”

Technological improvements and the proliferation of cyberattacks also has made it easier for more criminals to engage in the activity, Linder said. He said new tools are widely available on the dark web.

“Believe it or not, even a casual bad actor – which sounds a little ridiculous – can rent services, much like you rent a car in an airport,” he said. “They can rent ransomware services. We we’ve had bad actors develop a platform for other bad actors to pay them or share in the profits to rent services to attack. So you don’t have to build the tools from the ground up anymore.”