Home page logo

dataloss logo Data Loss mailing list archives

Investigation into security breach at Orleans County office building
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 4 Mar 2013 10:11:06 -0600


ORLEANS COUNTY, N.Y. — County officials learned last Wednesday that
around 25 of the 600 people employed by the county may have had their
identity compromised. Once officials found out, they started
investigating and alerting employees.

"Everyone’s been notified. We have notified all of our employees by
letter of the issue and then we notified the ones that were
specifically affected. We've notified them by letter and then we
additionally had a meeting," said Orleans County Chief Administrative
Officer Chuck Nesbitt.

Nesbitt says the county is unsure how the breach occurred. The
District Attorney’s Office is working with State Police to determine
the appropriate investigating agency.

"There's a diversity of victims here so many of them are county
employees from many different departments and what they're trying to
determine is who should be the investigating entity; whether it should
be the State Police or Attorney General’s Office," said Nesbitt.

While Nesbitt believes the situation has been contained, the county is
taking precautions.

"All the affected employees are going to be given at this point credit
monitoring service for one year to assure they don’t have any problems
related to this incident," said Nesbitt.

Nesbitt says there will be both a criminal and internal investigation
into the matter. He hopes it will wrap up in the next seven to 10
days. He says going forward, Orleans County will evaluate its security
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.

  By Date           By Thread  

Current thread:
  • Investigation into security breach at Orleans County office building Erica Absetz (Mar 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]