Investigation into security breach at Orleans County office building

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://rochester.ynn.com/content/top_stories/643722/investigation-into-security-breach-at-orleans-county-office-building/

ORLEANS COUNTY, N.Y. — County officials learned last Wednesday that
around 25 of the 600 people employed by the county may have had their
identity compromised. Once officials found out, they started
investigating and alerting employees.

"Everyone’s been notified. We have notified all of our employees by
letter of the issue and then we notified the ones that were
specifically affected. We've notified them by letter and then we
additionally had a meeting," said Orleans County Chief Administrative
Officer Chuck Nesbitt.

Nesbitt says the county is unsure how the breach occurred. The
District Attorney’s Office is working with State Police to determine
the appropriate investigating agency.

"There's a diversity of victims here so many of them are county
employees from many different departments and what they're trying to
determine is who should be the investigating entity; whether it should
be the State Police or Attorney General’s Office," said Nesbitt.

While Nesbitt believes the situation has been contained, the county is
taking precautions.

"All the affected employees are going to be given at this point credit
monitoring service for one year to assure they don’t have any problems
related to this incident," said Nesbitt.

Nesbitt says there will be both a criminal and internal investigation
into the matter. He hopes it will wrap up in the next seven to 10
days. He says going forward, Orleans County will evaluate its security
procedures.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.