Cyber Incident Victim: Polk County Tax Collector's Office

On June 23, 2020, at approximately 2:15 pm, an employee at the Tax Collector’s Office for Polk County (TCPC) clicked on a malicious email attachment disguised as an invoice, introducing malware described as a new strain of a targeted computer virus attack not previously encountered. The TCPC IT team quickly recognized the incident and took immediate action to mitigate the threat, shutting down the office’s entire computer system to prevent further spread of the virus. This shutdown included telephones, online processing systems, and service center operations, causing significant disruption to normal activities. Following containment, all office PCs were wiped clean and restored to eliminate the malware. Third-party computer forensic specialists were engaged to investigate the scope and impact of the breach, with their analysis concluding on July 11, 2020. The forensic investigation determined that the attack potentially exposed sensitive personal information, including Social Security numbers and driver’s license numbers, belonging to approximately 450,000 Polk County residents.

The investigation found no evidence that the compromised data was subject to actual or attempted misuse, with Tax Collector Joe Tedder stating the exposure appeared "very limited." Despite this assessment, affected individuals were advised to monitor account statements for unusual activity or errors as a precaution against identity theft. After restoring systems, the TCPC confirmed no operational data, backups, or system access was lost due to the attack. The office implemented additional safeguards to enhance information security but did not disclose specific technical details of these measures. A public statement issued on July 15, 2020, outlined the incident’s chronology and findings, emphasizing the rapid response and absence of confirmed data misuse. No further operational disruptions or data compromises were reported following the system restoration and security enhancements.