Cyber Incident Victim: Dorchester County Government

On or around February 8, 2021, Dorchester County Government experienced a phishing incident that compromised email accounts within its email environment. The attack resulted in unauthorized access to sensitive personal information collected and maintained by the county government. Exposed data included names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, credit card and debit card numbers, usernames and passwords, and medical information. The county did not specify the exact number of affected individuals or accounts. Dorchester County discovered the breach during an unspecified timeframe following the initial compromise and initiated an investigation to determine the scope. The phishing attack vector exploited human interaction rather than technical vulnerabilities to gain access to the email system.

Dorchester County Government publicly disclosed the incident through a notification posted on its website on August 2, 2021, followed by a formal press release on September 9, 2021. The county directed potentially affected individuals to visit its official website for information about protective measures but did not offer complimentary credit monitoring services. In response to the breach, Dorchester implemented additional security measures including password resets for all employee accounts, a review of email security protocols, and enhanced security awareness training for staff. The incident exposed multiple categories of sensitive personal data used for various governmental functions, creating potential risks of identity theft and financial fraud for impacted individuals. No information was provided regarding law enforcement involvement, forensic investigation details, or whether the attackers exfiltrated data beyond accessing email accounts.