DEERFIELD – An unauthorized third party viewed or acquired the personal information of several residents in a March 25 data breach.
Springbrook Software, Deerfield’s data storage provider, notified the town of the incident after it completed an investigation May 6 and the town made a formal announcement Aug. 31 after residents received notification of the breach.
Town Administrator Kayce Warren said the long period of time between Springbrook’s May 6 notification and this week’s announcement is a result of Deerfield going through its own “detailed” investigation process, which involves hiring outside organizations to investigate the incident and draft up the notification letter.
“This is one of the steps,” Warren said about notifying residents by mail. “The timeline is unfortunate.”
Warren said she was could not share what specific personal information was viewed or taken because it varied for each resident.
“We went through an entire investigative process after we were notified by Springbrook Software,” Warren said. “All we know is it was possible an unauthorized third party may have reviewed or acquired personal information.”
She added the notification process, which is required by law, allows people to monitor their personal information in the case it is used fraudulently in the future.
“The reason the law exists for the forensic process and notification is so we can get information out for people to watch these things,” Warren said, “because you don’t know what is going to happen.”
According to both the town of Deerfield’s Facebook page and a photo of the letter sent to residents posted on Facebook, there has been no evidence that people’s personal information has been “specifically misused as a result of this incident.” Residents whose data was breached are offered “free credit monitoring and identify theft protection services through a cyber security vendor for 24 months.”
“Again, at this time, there is no evidence that your information has been misused,” the letter states. “However, we encourage you to take full advantage of this service offering.”
Warren said the town has insurance for this sort of event and encourages anyone affected to get in contact with Kroll, which is described on its website as providing “services and digital products related to governance, risk and transparency.” She added these types of data breaches have become more prevalent over the last year, especially in municipalities.
“Unfortunately its not something I would have wished on anybody, but its very prevalent,” Warren said. “We are really sorry about the unfortunate incident.”
According to the letter, Kroll representatives have been briefed on the breach and a Deerfield-specific incident line has been set up for residents with further questions at 855-651-2677.
A Kroll spokesperson said company policy does not allow them to comment on particular incidents.
Springbrook Software did not respond for comment.
Source: https://www.recorder.com/Deerfield-residents-victim-of-security-breach-42259800?&web_view=true
