DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Town of Houlton Police discloses malware attack — again.

Posted on March 20, 2020 by Dissent

On March 17, the Town of Houlton, Maine disclosed that they had experienced a malware attack.

According to their disclosure, on October 16, 2019, they discovered that part of their network had been locked up by a virus that prevented access to files. The department was able to quickly restore from backup, and claim that investigation subsequently revealed that the malware was active on the network between October 15 and October 16. Further investigation revealed that unknown individual or individuals had first gained access sometime between January 25 and October 15. Two investigative firms were unable to determine whether any data had actually been accessed or exfiltrated. The department therefore prudently notified everyone who had personal information that might have been accessed.  Affected individuals have been offered services from Kroll that include monitoring and fraud insurance and identity restoration assistance.

The notification signed by Chief Timothy B. DeLuca continues:

Rest assured that we are committed to keeping the data we maintain as secure as possible. We are taking steps to minimize the potential for unauthorized access to our environment and making reasonable efforts to ensure the continued security of your information.

That might be a bit more convincing if this was their first malware incident.  But it’s not.

In April, 2015, this site had quoted a report from News Center Maine that said, in part:

The Houlton Police Department was also hit by the same or similar virus early this week, and it locked up all their files. Chief Terry McKenna said they, too, were forced to pay the ransom to get their computer data restored

At the time, I had commented:

So now that they’ve publicly admitted that they’ve paid ransom to unlock their files, are they more likely to get hit again?  Can they really be sure their employees won’t fall for the next malware attempt?

While it is commendable that the department was able to restore quickly from backup, how much has the department now spent recovering from  these two malware incidents and providing services to those affected? Could that money have been better used preventing successful attacks?  The department does not say how the attackers gained a foothold this time. Was it another phishing attack? And if it was, what additional steps should the department take at this point?  What’s Plan B if just training employees is not sufficient?

No related posts.

Category: Breach IncidentsGovernment SectorMalware

Post navigation

← India’s Vijay Sales Leaks Private Information through Exposed Amazon Backup Server
Golden Valley Health Centers notifies patients after employee email account comprised →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report