Cyber Incident Victim: Township of Maplewood

On December 9, 2018, malware was introduced into the computer network of the Maplewood Township Police Department in New Jersey. The unauthorized activity was discovered at an unspecified later date, prompting an immediate investigation by the Township. Maplewood Township engaged a third-party forensic investigation firm to determine the scope and nature of the incident. The investigation confirmed the malware's presence but could not ascertain whether any personal information stored on the network was accessed, viewed, or exfiltrated due to the malware's interference with forensic analysis. Potentially compromised data included individuals' full names or first initials combined with last names, Social Security numbers, driver’s license or state identification numbers, and financial account information such as account numbers, credit/debit card numbers paired with required access codes or passwords. No evidence emerged during the investigation indicating actual access to data or subsequent fraud or misuse.

Upon detecting the incident, Maplewood Township implemented containment measures to secure the affected network. The Township conducted a comprehensive reassessment of technical safeguards across all systems containing personal information and retrained employees on email safety awareness. Internal policies and procedures were reviewed for potential security enhancements. Authorities including the Federal Bureau of Investigation, New Jersey State Police, Essex County Prosecutor’s Office, and U.S. Department of Homeland Security were notified. As a precautionary measure, Maplewood Township issued notifications to all potentially affected individuals on August 7, 2019, advising vigilance against identity theft and providing contact details for credit monitoring resources. The Township established a dedicated assistance line and webpage for incident-related inquiries but did not report any confirmed cases of data misuse tied to the breach.