Cyber Incident Victim: Town of New Milford

On or around October 3, 2019, the Town of New Milford, Connecticut, detected unusual activity within its email system. The Town promptly initiated an investigation into the anomalous account behavior, engaging third-party forensic experts to assist. The investigation confirmed unauthorized access to certain emails within the Town’s email environment by an individual whose identity or affiliation was not disclosed in available sources. Upon discovery, the Town immediately terminated the unauthorized access to prevent further intrusion. The compromised email environment contained personal information belonging to individuals affiliated with the Town, including current and former employees and residents. The specific types of personal data exposed were not detailed in the notice. The Town stated it had no evidence indicating misuse of any accessed information as of December 20, 2019.

The Town implemented containment measures by revoking the intruder’s system access upon identifying the incident. Local law enforcement was notified, and the Town maintained ongoing cooperation with their investigation. Internal reviews of security protocols were conducted, with commitments to enhance safeguards to prevent recurrence. Public notification occurred on December 20, 2019, approximately eleven weeks after detection, advising potentially affected individuals about the breach despite the absence of confirmed misuse. The notice emphasized the Town’s efforts to secure its systems but did not specify technical details about the attack vector, duration of unauthorized access, or exact number of impacted individuals. No ransomware deployment, data exfiltration claims, or financial demands were referenced in the provided source material.