BY JOHN HOLLER
Wright County Communications Specialist
BUFFALO, MN – Wright County Board of Commissioners Chair Christine Husom and County Administrator Lee Kelly are responding to a data security issue that occurred in early 2019, which has taken more than a year to investigate.
Jan. 31, 2019, the Wright County Information Technology Department discovered unusual activity in the county’s email system, as an unknown party was able to enter an individual email account in the county’s Office 365 system. The county took immediate steps to shut down the email system and to hire a computer forensics expert to analyze the specifics on what happened. April 22, 2019, the investigation revealed that a phishing email had involved 11 other email accounts.
The investigation searched every email in all the accounts, which was extremely laborious and time-consuming and wasn’t completed until Feb. 28, 2020. Additional analysis was completed in late-March 2020. As part of the investigative process, it was determined that personal, private or confidential information from 12,320 individuals was contained in the emails and document attachments.
“A distinction needs to be made about this process,” Kelly said. “This intrusion was in an employee email account, not the county’s network or databases. As part of the investigation, the computer forensics firm examined whether any of the information was used for the purposes of fraud or identity theft and found no instances of either. However, as a precaution just to be sure, the county is providing free access to all major consumer credit reporting agencies for those whose names were identified to assure that were not the victims of identity theft.”
The information that was potentially involved included names, addresses, dates of birth, social security numbers, driver’s license/ID card numbers, medical/health insurance information financial account information private personnel data and personal information involving minors.
Since the 2019 incident, Wright County has taken preventive measures to enhance the security of its entire system, which Husom said has improved the security of the personal information the county holds and retains.
“There have been several steps that have been taken over the last year to strengthen the security of all of our county systems to help reduce the risk of something like this happening again,” Husom said. “When our IT director position came open, we hired someone with an extensive cybersecurity background with the US Department of Defense. We implemented a system of segregating protected and personal information from within the county’s cyber network. We implemented multi-factor authentication to access accounts. We have required all employees to take part in mandatory cybersecurity training to help identify email threats and to spot phishing emails. We can’t change what happened, but we have gone to great lengths to prevent it from reoccurring.”
As part of the notification process, a call center has been established for individuals to call to see if their names are on the list of those potentially impacted. The number is 833-979-2231 and is open from 8 a.m.-8 p.m. Monday through Friday.
While the delay from when the incident took place until now has been more than 15 months, Kelly said it has been a process that was necessary given the time it took to fully complete the investigation and examine every page of every document that was red flagged.
“Unfortunately, this is the world we live in now,” Kelly said. “Many of the people who do these sorts of attacks aren’t out to steal anyone’s private information. Most just want to prove to themselves that they can find a way into a system. The fact that the investigation didn’t find any cases of identity theft over the last year among the names involved in the emails lends to that way of thinking that this wasn’t someone with malicious intent to steal identities and use people’s private information. We regret this happened, obviously, but we have done our due diligence to make sure that our system for protecting information and detecting those who try to get access to it has been strengthened to reduce the potential of a repeat of this type of attack.”