This notice is to inform Wright County residents of a data security incident that potentially affected the personal information of county residents and non-residents in Wright County’s possession. We take the privacy and security of private information we hold very seriously and regret any concerns that this event may cause.
What Happened? On Jan. 31, 2019, Wright County discovered unusual activity in an individual email account in the Wright County system (not the entire network or database). The county took immediate action, securing the email network and hiring a third-party computer forensics expert to conduct an investigation to determine whether personal information was involved. On April 22, 2019, the investigation revealed that 11 email accounts within the county’s network may have been accessed without authorization. A detailed and time-consuming analysis of the contents of the mailboxes of those email accounts identified was conducted to determine if any personal, confidential or private information may have been accessed. The investigation found no malicious activities related to this intrusion.
What Information Was Involved? The process was complex and laborious, requiring the assistance of a third-party data analyst team and outside forensic data privacy experts. The lengthy initial analysis was completed on Feb. 28, 2020 and revealed that personal, private or confidential information of 12,320 individuals was contained in the affected mailboxes. Additional analysis on the data sets commenced immediately and was completed in March 2020. Due to the allocation of county resources in response to the current State of Emergency in Minnesota, notification was made as soon as possible following the completion of the investigation and analysis. The information potentially involved included names, dates of birth, Social Security numbers, medical and/or health information, health insurance information, financial account numbers, usernames for on-line accounts and/or personal information belonging to minors.
What Are We Doing? As soon as Wright County discovered the outside activity, immediate action was taken. The county has implemented a new security paradigm to segregate protected and personal information, has created an employee cybersecurity training program for all employees and implemented a multi-factor authentication process to increase security as measures to prevent a similar intrusion into the county’s network.
While the investigation did not discover any misuse of the information or any indication of any instances of fraud or identity theft, as a precaution for our residents, Wright County is offering 12 months of identity protection and credit monitoring services free of charge to any individual whose information was identified as potentially being compromised. Additionally, the county has established a toll-free call center to determine if a caller’s name was among those potentially impacted. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Central Time and can be reached at 1-833-979-2231.
Wright County has taken steps to enhance the security of its email system and its network as a whole to reduce the risk of a recurrence in the future. The county encourages residents to call the toll-free number listed above with questions or to determine if their information may have been involved. Residents are also encouraged to review the information below for additional steps that can be taken to protect one’s private information.
Wright County regrets that this incident took place and that it required a lengthy amount of time to complete the investigation. Due to legal reporting requirements, the county was unable to make a public statement until the investigation was completed to ensure investigative due diligence. While the investigation did not find any misuse of resident information, we are providing the following information to assist those wanting to know more about steps they can take to protect themselves.
swidup
commented
4 years ago
https://www.hometownsource.com/monticello_times/free/what-wright-county-details-actions-related-to-possible-data-breach/article_99aabb9e-9558-11ea-92ff-3f3062702cc5.html
This notice is to inform Wright County residents of a data security incident that potentially affected the personal information of county residents and non-residents in Wright County’s possession. We take the privacy and security of private information we hold very seriously and regret any concerns that this event may cause.
What Happened? On Jan. 31, 2019, Wright County discovered unusual activity in an individual email account in the Wright County system (not the entire network or database). The county took immediate action, securing the email network and hiring a third-party computer forensics expert to conduct an investigation to determine whether personal information was involved. On April 22, 2019, the investigation revealed that 11 email accounts within the county’s network may have been accessed without authorization. A detailed and time-consuming analysis of the contents of the mailboxes of those email accounts identified was conducted to determine if any personal, confidential or private information may have been accessed. The investigation found no malicious activities related to this intrusion.
What Information Was Involved? The process was complex and laborious, requiring the assistance of a third-party data analyst team and outside forensic data privacy experts. The lengthy initial analysis was completed on Feb. 28, 2020 and revealed that personal, private or confidential information of 12,320 individuals was contained in the affected mailboxes. Additional analysis on the data sets commenced immediately and was completed in March 2020. Due to the allocation of county resources in response to the current State of Emergency in Minnesota, notification was made as soon as possible following the completion of the investigation and analysis. The information potentially involved included names, dates of birth, Social Security numbers, medical and/or health information, health insurance information, financial account numbers, usernames for on-line accounts and/or personal information belonging to minors.
What Are We Doing? As soon as Wright County discovered the outside activity, immediate action was taken. The county has implemented a new security paradigm to segregate protected and personal information, has created an employee cybersecurity training program for all employees and implemented a multi-factor authentication process to increase security as measures to prevent a similar intrusion into the county’s network.
While the investigation did not discover any misuse of the information or any indication of any instances of fraud or identity theft, as a precaution for our residents, Wright County is offering 12 months of identity protection and credit monitoring services free of charge to any individual whose information was identified as potentially being compromised. Additionally, the county has established a toll-free call center to determine if a caller’s name was among those potentially impacted. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Central Time and can be reached at 1-833-979-2231.
Wright County has taken steps to enhance the security of its email system and its network as a whole to reduce the risk of a recurrence in the future. The county encourages residents to call the toll-free number listed above with questions or to determine if their information may have been involved. Residents are also encouraged to review the information below for additional steps that can be taken to protect one’s private information.
Wright County regrets that this incident took place and that it required a lengthy amount of time to complete the investigation. Due to legal reporting requirements, the county was unable to make a public statement until the investigation was completed to ensure investigative due diligence. While the investigation did not find any misuse of resident information, we are providing the following information to assist those wanting to know more about steps they can take to protect themselves.