Cyber Incident Victim: North East King County Regional Public Safety Communication Agency
Date:
Dec 2013
Location:
United States of America
Summary
A server belonging to the North East King County Regional Public Safety Communication Agency (NORCOM), which handled emergency communications for public safety agencies, was breached, compromising approximately 6,000 medical response records from three fire departments. Exposed data included names, addresses, birth dates, driver’s license and Social Security numbers, medical conditions, and details of emergency calls, impacting both individuals who placed calls and 231 current and former firefighters. The agency coordinated with local and federal law enforcement to investigate the incident, notified affected parties, and decommissioned the compromised server, which was not linked to active 911 systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late December 2013, the North East King County Regional Public Safety Communication Agency (NORCOM) experienced a breach of a server storing approximately 6,000 emergency medical response records. The compromised data included names, addresses, dates of birth, driver's license numbers, Social Security numbers, nature of emergency calls, initial medical conditions, and limited medical information for individuals who placed emergency calls through three Washington state fire departments: Duvall Fire District 45, Skykomish Fire Department, and Snoqualmie Pass Fire & Rescue. Personnel records for 231 current and former full-time and volunteer firefighters associated with these departments were also exposed. The breached server, which was not connected to NORCOM's 911 computer system, contained medical response call records spanning an unspecified timeframe prior to the incident. NORCOM discovered the breach shortly after it occurred but did not disclose the specific date of detection or the technical method of intrusion.
NORCOM initiated a coordinated response upon discovering the breach, engaging the Bellevue Police Department and the United States Secret Service's Electronic Crimes Task Force to investigate the incident. Executive Director Tony Orr confirmed the agency took immediate steps to analyze the breach's scope and permanently decommissioned the affected server. Beginning January 13, 2014, NORCOM commenced direct notifications to impacted individuals and established a dedicated information hotline and email support channel for breach victims. The agency did not specify whether credit monitoring services were offered or disclose forensic findings about potential data misuse. No evidence suggested compromise of active 911 dispatch systems or real-time emergency response operations during the breach. The incident exposed sensitive personal identifiers alongside medical response details but did not involve broader public safety communication infrastructure.