The City of Sun Prairie suffered data breach compromising residents’ personal information

• The investigation revealed that unauthorized third-parties gained access to some of the employees’ email accounts between January 16, 2019, and March 6, 2019.
• The compromised email accounts contained personal information including Social Security numbers, account login ID and passwords, driver license or state identification numbers, bank account numbers, medical information, and payment card information.

The City of Sun Prairie suffered a data breach after attackers broke into some of the employees’ email accounts that contained personal information of residents.

What happened?

The city became aware of the incident on March 06, 2019. Upon which, it hired forensics experts and conducted an extensive investigation to determine the nature and scope of the incident.

The investigation revealed that unauthorized third-parties gained access to some of the employees’ email accounts between January 16, 2019, and March 6, 2019.

What information was compromised?

• The city launched a labor-intensive investigation to determine the information contained in the compromised email accounts.
• The investigation found out that the compromised email accounts contained personal information including Social Security numbers, account login ID and passwords, driver license or state identification numbers, bank account numbers, medical information, and payment card information.

“While the investigation was unable to confirm what, if any, information that was accessed within the affected email accounts, the City is notifying individuals in an abundance of caution because we have confirmed that certain information was present in the affected email accounts,” the city said in a security notice.

What actions are being taken?

• The city is reviewing and updating the security measures on its systems to avoid such incidents from happening in the future.
• It is notifying the potentially impacted individuals about the incident and requesting them to remain vigilant and review account statements for any suspicious activity.

“The City is committed to protecting the confidentiality and security of all the information we hold in our care. The City has security measures, policies, and procedures in place to protect the data on its systems and it continues to review and update these measures as part of our ongoing commitment to the security of the information in our care,” the city said.