Notification of Data Security Incident
May 13, 2020
Wright County, Minnesota – Notification of Data Security Incident
This notice is to inform Wright County residents of a data security incident that potentially affected the personal information of county residents and non-residents in Wright County’s possession. We take the privacy and security of private information we hold very seriously and regret any concerns that this event may cause.
What Happened? On Jan. 31, 2019, Wright County discovered unusual activity in an individual email account in the Wright County system (not the entire network or database). The county took immediate action, securing the email network and hiring a third-party computer forensics expert to conduct an investigation to determine whether personal information was involved. On April 22, 2019, the investigation revealed that 11 email accounts within the county’s network may have been accessed without authorization. A detailed and time-consuming analysis of the contents of the mailboxes of those email accounts identified was conducted to determine if any personal, confidential or private information may have been accessed. The investigation found no malicious activities related to this intrusion.
What Information Was Involved? The process was complex and laborious, requiring the assistance of a third-party data analyst team and outside forensic data privacy experts. The lengthy initial analysis was completed on Feb. 28, 2020 and revealed that personal, private or confidential information of 12,320 individuals was contained in the affected mailboxes. Additional analysis on the data sets commenced immediately and was completed in March 2020. Due to the allocation of county resources in response to the current State of Emergency in Minnesota, notification was made as soon as possible following the completion of the investigation and analysis. The information potentially involved included names, dates of birth, Social Security numbers, medical and/or health information, health insurance information, financial account numbers, usernames for on-line accounts and/or personal information belonging to minors.
What Are We Doing? As soon as Wright County discovered the outside activity, immediate action was taken. The county has implemented a new security paradigm to segregate protected and personal information, has created an employee cybersecurity training program for all employees and implemented a multi-factor authentication process to increase security as measures to prevent a similar intrusion into the county’s network.
While the investigation did not discover any misuse of the information or any indication of any instances of fraud or identity theft, as a precaution for our residents, Wright County is offering 12 months of identity protection and credit monitoring services free of charge to any individual whose information was identified as potentially being compromised. Additionally, the county has established a toll-free call center to determine if a caller’s name was among those potentially impacted. The call center is available Monday through Friday from 8 a.m. to 8 p.m. Central Time and can be reached at 1-833-979-2231.
Wright County has taken steps to enhance the security of its email system and its network as a whole to reduce the risk of a recurrence in the future. The county encourages residents to call the toll-free number listed above with questions or to determine if their information may have been involved. Residents are also encouraged to review the information below for additional steps that can be taken to protect one’s private information.
Wright County regrets that this incident took place and that it required a lengthy amount of time to complete the investigation. Due to legal reporting requirements, the county was unable to make a public statement until the investigation was completed to ensure investigative due diligence. While the investigation did not find any misuse of resident information, we are providing the following information to assist those wanting to know more about steps they can take to protect themselves.
What steps can I take to protect my personal information?
- If you detect any suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
- Obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed at the bottom of this page.
- Please notify your financial institution immediately of any unauthorized transactions made or new accounts opened in your name.
- You can take steps recommended by the Federal Trade Commission to protect yourself from identity theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
- Additional information on what you can do to better protect yourself is included in your notification letter.
What should I do to protect myself from payment card/credit card fraud?
We suggest you review your debit and credit card statements carefully for any unusual activity. If you see anything you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is also included below:
Equifax P.O. Box 105851
Atlanta, GA 30348
1-800-525-6285
Experian P.O. Box 9532
Allen, TX 75013
1-888-397-3742
TransUnion P.O. Box 1000
Chester, PA 19016
1-877-322-8228
www.transunion.com
Free Annual Report P.O. Box 105281
Atlanta, GA 30348
1-877-322-8228
www.annualcreditreport.com
How do I put a fraud alert on my account?
You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
How do I put a security freeze on my credit reports?
You also have the right to place a security freeze on your credit report. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. A security freeze may be placed or lifted free of charge.
You may make that request by certified mail, overnight mail, or regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. You may obtain a security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze PO Box 105788
Atlanta, GA 30348
1-800-685-1111
Experian Security Freeze PO Box 9554
Allen, TX 75013
1-888-397-3742
TransUnion (FVAD) PO Box 2000
Chester, PA 19022
1-800-888-4213
Are there steps I can take to protect my minor child’s personal information?
You can request that each of the three national credit reporting agencies perform a manual search for a minor’s Social Security number to determine if there is an associated credit report. Copies of identifying information for the minor and parent/guardian may be required, including birth or adoption certificate, Social Security card and government issued identification card. If a credit report exists, you should request a copy of the report and immediately report any fraudulent accounts to the credit reporting agency. You can also report any misuse of minor’s information to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and instructions for requesting a manual Social Security number search, visit the FTC website: https://www.consumer.ftc.gov/articles/0040-child-identity-theft.
Media Contact Name: Christopher Ballod. Email: [email protected]
Source: WRIGHT COUNTY