Cyber Incident Victim: Masters Touch, LLC

On October 23, 2019, malware infected eNoticesOnline.com, a property tax portal operated by Master’s Touch, LLC and used by Monroe County, Indiana, for taxpayers to view tax statements and assessments. The breach was discovered on November 1 when the county treasurer’s office received an alert about the incident. Investigators confirmed attackers deployed malware but found no evidence that unauthorized data files had been exfiltrated. Master’s Touch could not definitively determine whether intruders had viewed files during the intrusion window. The compromised data included taxpayers’ online portal usernames and passwords, but forensic analysis confirmed banking information and credit card details remained inaccessible to attackers. Monroe County Treasurer Jessica McClellan emphasized the portal’s 1,930 subscribers were the primary affected population. No county-operated systems beyond the third-party portal were compromised in the attack.

Master’s Touch LLC initiated forced password resets for all portal users following the containment of the malware. The company mailed breach notification letters to subscribers and established dedicated communication channels, including the email address [email protected] and a toll-free helpline (1-833-485-0211). The Monroe County Treasurer’s Office directed inquiries to its main phone line (812-349-2530) but did not assume responsibility for the third-party system’s security remediation. Treasurer McClellan advised taxpayers to update their portal credentials and any other accounts where they might have reused the same passwords. No ransomware deployment, financial fraud attempts, or secondary exploitation of the stolen credentials were reported in the initial disclosure. The incident remained confined to the Master’s Touch infrastructure without spreading to county government networks or financial processing systems.