Clearfield County Commissioners on Tuesday announced that some people involved with the county had personal information compromised in a recent cyber attack.
Commissioners said in a press release that the county has notified the affected individuals in writing and is offering those affected one year of free credit monitoring.
The impacted data included name, birthday, and social security number of impacted individuals.
County statement“Clearfield County today announced that a recent cyber event may have impacted the security of personal information relating to certain individuals associated with the county. The county has sent written notification letters regarding the incident to these individuals, which will include steps they may take to help protect their personal information, should they feel it is appropriate to do so,” the statement said.
“On Jan. 9, the county learned that it was the target of a cybercriminal attack and that its computer network was infected with ransomware. The county immediately launched an investigation into the nature and scope of the incident and hired outside legal counsel, who then engaged forensic investigators to further analyze this event.
“Based upon the county’s current investigation, an unauthorized party obtained access to county servers in late October 2020. On Jan. 25 the county received confirmation that the cybercriminals had accessed certain files that were stored within the county’s computer environment and contained personal information.
“On Feb. 12, the forensic investigation confirmed that some of the personal information stored on the county’s network was made available on the cybercriminal’s website. The incident required the county to conduct a thorough and lengthy review of the potentially impacted data in order to determine who, and what information, was involved.
“Based on the investigation, the impacted data included name, date of birth, address, and social security number. The county encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and monitor credit reports for suspicious activity. All individuals receiving notification will be offered one year of credit monitoring services, at no charge.
“In addition to launching an internal investigation into this incident, the county is reviewing its existing policies and procedures and will implement additional safeguards to protect data, as needed.”
Commissioners issue joint statement
“The security of information in our care is among Clearfield County’s highest priorities. We are committed to protecting our resident’s information against ever-evolving and pervasive cyber threats. We will continue to invest in the internal processes, tools, and resources necessary to reduce the likelihood that this can happen again,” the commissioners said.
Commissioner Dave Glass said yesterday since the matter is still under investigation, the press release is all they could say at the moment and asked the media to submit any followup questions in writing because they would have to undergo legal review.
The Progress submitted several questions such as, how many people were affected and who are they were, how did the virus penetrate the county’s security, and did the perpetrators issue any ransom demands.
The commissioners did not respond prior to press time.