Yesterday I posted a hack to DataLossDB involving York County, SC based on a news report. Today, I saw another news report and that the first report had been updated. Significantly (to me, anyway), the first report now reads:
County officials discovered the intrusion during routine maintenance on Aug. 29, 2011, he said.
The server contained an old backup database of an old online application, “and that’s where the majority of (the names) were,” he said. “The database could be 12 to 15 years old” and contained about 12,500 names.
The remaining names came from a newer database collected up until Aug. 29, when the county detected the intrusion and shut down the database.
County officials made a copy of the entire server and sent it to the State Law Enforcement Division, the S.C. Sharing & Analysis Center, and local authorities for investigation.
If the incident was uncovered on August 29, 2011, why are people first being notified now? That strikes me as an unacceptable delay. What do you think?
Update of May 15: Yesterday, there was another follow-up to the story that addresses the question I raised above:
County officials said that they took so long to notify potential victims because their investigation found no indication that the information was taken from the server. Forensic testing of the server revealed “no smoking gun”, Joel Abernathy, director for Your County’s IT department, told the newspaper.