Cyber Incident Victim: Wright County
Date:
Jan 2019
Location:
United States of America
Summary
Unauthorized access to 11 email accounts within a Minnesota county government system potentially compromised personal information of 12,320 individuals, including names, Social Security numbers, medical records, financial details, and minors' data. The intrusion was detected through unusual email activity, prompting immediate network security measures and a forensic investigation that found no evidence of information misuse. Notification to affected individuals was delayed due to the extensive analysis required to identify impacted data and resource constraints during a subsequent state emergency. The county implemented enhanced cybersecurity measures including multi-factor authentication, employee training, and segregated data storage, while offering complimentary credit monitoring services to those exposed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 31, 2019, Wright County, Minnesota, detected unusual activity within an individual email account in its county system. The county immediately secured the email network and engaged a third-party computer forensics firm to investigate the scope and nature of the incident. By April 22, 2019, the forensic investigation determined that 11 email accounts within the county’s network may have been accessed without authorization. A subsequent detailed review of the contents of these compromised mailboxes commenced to identify whether personal or confidential information was exposed. This analysis proved complex and labor-intensive, requiring assistance from external data privacy experts and third-party analysts. The initial phase of this mailbox review concluded on February 28, 2020, revealing that personal information belonging to 12,320 individuals was present in the affected accounts. A supplemental analysis finalized in March 2020 further refined the data set. The compromised information included names, dates of birth, Social Security numbers, medical and health insurance details, financial account numbers, online account usernames, and personal information of minors. The investigation found no evidence of malicious activities, fraud, or identity theft stemming from the breach. Notification to affected individuals was delayed due to resource reallocation during Minnesota’s COVID-19 state of emergency, with disclosures occurring after the completion of all analyses in 2020.
In response to the incident, Wright County implemented multiple corrective measures upon discovering the unauthorized access. These included adopting a new security framework to segregate protected personal information, establishing a mandatory cybersecurity training program for all employees, and deploying multi-factor authentication across its systems. Although no misuse of data was identified, the county offered 12 months of complimentary identity protection and credit monitoring services to all impacted individuals. A dedicated toll-free call center (1-833-979-2231) operated Monday through Friday was established to assist residents in verifying whether their data was involved. The county also enhanced the security protocols of its email system and broader network infrastructure to mitigate future risks. The forensic investigation confirmed the breach was limited to email accounts and did not compromise the county’s entire network or databases. Wright County’s public notification emphasized transparency regarding the incident’s scope while acknowledging the operational challenges posed by concurrent emergency response demands during the pandemic.