Broome County in New York suffered a data breach after unauthorized parties gained access to employee email accounts and payroll accounts.
The big picture
Broome County became aware of changes to a County employee’s direct deposit information on January 2, 2019. Upon which the County’s internal IT team immediately conducted an investigation to determine the nature and scope of the incident.
The investigation revealed that an unauthorized third party gained access to numerous County employee email accounts and County employee PeopleSoft accounts via credentials harvesting phishing email.
The County then retained a leading computer forensics expert to determine the impact of the incident and found out that an unauthorized individual accessed the employee email account between November 20, 2018, and January 2, 2019.
Who all are impacted?
On April 1, 2019, after a thorough review of the email accounts, the County identified all the potentially impacted individuals.
The impacted individuals include employees and clients associated with the following divisions and departments,
What data was involved?
What actions are being taken?
The County is working to implement additional safeguards and security measures to enhance the privacy and security of its patient information. This includes implementing two-factor authentication and providing training to employees.
“We take this incident very seriously, and we have been working diligently, with the assistance of third-party forensic investigators, to determine the full nature and scope of this incident. We are taking additional actions to strengthen the security of our email systems moving forward,” the County said in a security notice.