Cyber Incident Victim: City of Sun Prairie
Date: Jan 2019
Location: United States of America
Summary
An unauthorized party gained access to multiple employee email accounts within a municipal government for nearly two months, potentially compromising sensitive personal information including Social Security numbers, financial account details, medical records, driver's licenses, payment card data, and login credentials. The breach was detected following suspicious activity in one account, prompting a forensic investigation that confirmed unauthorized access to several accounts during the incident period. While investigators could not confirm specific data exfiltration, the municipality notified potentially affected individuals as a precaution due to the confirmed presence of sensitive information in the breached accounts. The organization emphasized its existing security protocols and commitment to enhancing protective measures while advising vigilance against identity theft and fraud.
Description
On January 16, 2019, an unauthorized party gained access to multiple employee email accounts within the systems of the City of Sun Prairie, Wisconsin. The intrusion persisted undetected for nearly two months until March 6, 2019, when city officials identified suspicious activity within one employee's email account. A forensic investigation confirmed unauthorized access to several accounts between the initial January intrusion date and the March discovery date. The compromised email accounts contained sensitive personal information, including Social Security numbers, driver’s licenses, state identification numbers, financial account details, medical information, payment card data, and account login credentials. While investigators could not definitively confirm whether the intruder viewed or exfiltrated specific data during the two-month period, the presence of this information in the affected accounts prompted the city to issue breach notifications as a precautionary measure. The city emphasized its existing security protocols but acknowledged the breach occurred despite these safeguards.

Following the discovery, Sun Prairie initiated a forensic review to determine the breach's scope and identify impacted individuals. The investigation involved a labor-intensive analysis of email account contents to catalog exposed personal information. On June 24, 2019, the city publicly disclosed the incident, warning approximately 30,000 residents of potential risks including identity theft and financial fraud. Affected individuals were advised to monitor account statements, review credit reports, and remain vigilant against suspicious activity. Sun Prairie established a dedicated hotline (1-877-202-9025) to address inquiries but did not offer complimentary credit monitoring services. Officials reiterated their commitment to evaluating and updating security measures, policies, and procedures in response to the breach, though no specific technical remediation steps or attacker attribution details were disclosed. The city’s response focused on transparency regarding the exposure timeline and data types while maintaining that the full extent of unauthorized access remained unconfirmed.
