Pine County hacked, security breach feared

Last week, Pine County was attacked by a hacker who may have breached county security systems and accessed residents’ personal information.

According to Pine County Administrator David Minke, the information was compromised when “a malicious actor gained access through a phishing email.” This gave them access to an employee’s email account.

They discovered the breach when the “malicious actor” used the email account in an attempt to change the employee’s email account, said Minke. Once they learned of the breach, the county immediately launched an investigation, hiring an independent forensics provider and legal assistance.

According to the county’s website, during the investigation they learned that some of the information within the compromised email account may have contained personal information. They estimate about 4,400 individuals may have been affected. The information could include names, addresses, Social Security numbers, medical/health information, insurance information, financial account numbers, mother’s maiden names, and/or state/government identification numbers. As of Monday afternoon, Minke reported that there hasn’t been any evidence of misuse of the information.

Pine County has sent out notification letters to potentially impacted residents explaining the situation and what the resident can do to help protect their information. The county has also taken steps to improve data security. Minke said the county has eliminated the use of webmail and the use of auto forward rules, established a three-year email retention limit which will start in January of 2020, and implemented an employee cyber security training program.

In addition to the letter, the county has also set up a toll-free call center to answer questions about the incident and to assist with any concerns residents may have. To contact the call center, call 833-967-1094; they are available Monday-Friday from 8 a.m. to 8 p.m. The county’s website also says that “out of an abundance of caution, Pine County is offering identity protection services through ID Experts® to potentially impacted individuals at no cost.”

Protecting personal information

Pine County also offered information on what steps to take to protect your personal information. Some of these include:

If you detect any suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.

• Obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228.

• Notify your financial institution immediately of any unauthorized transactions made or new accounts opened in your name.

• You can take steps recommended by the Federal Trade Commission to protect yourself from identity theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.

Additional information on what residents can do to better protect themselves is included in the notification letter.

Other suggestions included reviewing debit or credit card statements carefully for unusual activity and report anything suspicious right away. Check your credit report, you can obtain a free copy of your credit report from the top three credit reporting agencies, Equifax, Transunion and Experian. Contact information for these agencies can be found on the county’s website.

Other possible steps could include putting a fraud alert on your credit report or establishing a security freeze on your credit report. The difference between a freeze or a fraud alert is that with a fraud alert creditors can still access your credit report as long as they take the proper steps to verify your identity, whereas with a freeze it stops all access to your credit report.

Lewis Brisbois, the law firm assisting the county with this incident, stated in a press release Monday afternoon, “Pine County regrets that the incident occurred, and is taking additional steps to strengthen its security to minimize the chance of an event like this happening in the future.”

(1) comment

Barry White

This malicious actor and the phishing email are not the problem here. Phishing has been going on almost since the beginning of the Internet. The problem is that a county employee clicked on a link in an email. Anyone who uses the Internet should know better than to do this. Anyone who works in a department that handles sensitive information about residents and does this should be fired. I'd also have my doubts about the qualifications of whoever is supposed to be in charge of the security of the computer network.

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.