Cyber Incident Victim: Town of Christiansburg

The Town of Christiansburg disclosed a data security breach on November 29, 2018, resulting from a phishing scam that compromised email accounts belonging to three municipal employees. These accounts contained personally identifiable information (PII) of residents who had interacted with town services. The phishing attack enabled unauthorized access to sensitive data, though town officials stated no evidence emerged indicating misuse of the exposed information. Town Manager Randy Wingfield emphasized proactive transparency despite the absence of confirmed fraudulent activity, noting the town prioritized rapid notification to potentially impacted individuals. The breach affected 909 residents whose data resided in the compromised email systems. The town initiated an internal investigation that determined the scope of exposure and identified all affected parties through records associated with the targeted accounts.

In response, the Town of Christiansburg mailed individualized letters to all 909 impacted residents offering one year of complimentary credit monitoring services. This service aimed to detect potential misuse of personal information and provide identity theft resolution support. The town concurrently engaged external data privacy specialists to remediate vulnerabilities and enhance email system security protocols. Officials directed concerned residents to a dedicated phone line ((877) 769-5558) where individuals could verify their inclusion in the breach by providing their name and date of birth. Municipal operations continued without interruption during the remediation process, with the town maintaining public updates through its official website while refraining from disclosing specific technical details about the phishing methodology or the duration of unauthorized access.