Cyber Incident Victim: City of Titusville
Date:
Nov 2020
Location:
United States of America
Summary
The City of Titusville experienced unauthorized access to an employee's email account over several months, potentially compromising sensitive personal information. While investigators confirmed the breach period and unauthorized entry, they found no evidence that specific emails or data were viewed or exfiltrated. A review of the account contents revealed accessible information including names, Social Security numbers, driver’s license details, financial account data, login credentials, medical records, health insurance information, and digital signatures. In response, the organization reset the affected account’s password, examined suspicious account rules, and initiated a review of security policies to prevent future incidents. Notification letters were sent to potentially impacted individuals as a precautionary measure despite the lack of confirmed data misuse.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or about February 4, 2021, the City of Titusville detected unusual activity in an employee’s municipal email account, prompting an immediate investigation. The inquiry determined that unauthorized individuals had accessed the account between November 19, 2020, and February 18, 2021. While investigators confirmed the intrusion timeline by May 13, 2021, they could not verify whether specific emails were viewed or extracted during the three-month compromise period. The city conducted programmatic and manual reviews of the account’s contents to identify potentially exposed sensitive information, completing this assessment on October 1, 2021. Analysis revealed the account contained personal data including names, Social Security numbers, driver’s license details, financial account information, payment card data, usernames with passwords, medical records, health insurance information, and digital signatures at the time of unauthorized access. No forensic evidence confirmed actual exfiltration or viewing of these records by threat actors. The municipality initiated internal record reviews to compile mailing addresses for notification purposes following the data mapping exercise.
Upon discovering the email compromise, Titusville reset the affected account’s credentials and examined it for malicious forwarding rules or other persistence mechanisms. The city emphasized its commitment to information security by initiating policy and procedure reviews to prevent recurrence, though specific technical or organizational changes were not detailed. Public notification occurred on October 28, 2021—over eight months after initial detection and nearly a year post-incident onset—advising potential victims to monitor financial accounts and credit reports despite acknowledging no confirmed misuse. Impacted individuals received guidance through the municipal website regarding fraud alerts and credit freezes, supplemented by a dedicated inquiry phone line. The response did not include offers of credit monitoring services or evidence of coordinated law enforcement involvement based on available disclosures.