Unauthorized access to Wright County network in 2019
On January 31, 2019, someone accessed 11 email accounts of the Wright County’s network. The information accessed potentially included names, dates of birth, Social Security numbers, medical and/or health information, health insurance information, financial account numbers, usernames for on-line accounts and/or personal information belonging to minors.
Once the unusual activity was discovered in an individual email account in the Wright County system, the county hired a third-party computer forensics expert to conduct an investigation. The initial analysis was completed on February 28, 2020 and revealed that personal, private or confidential information of 12,320 individuals was contained in the affected mailboxes. Additional analysis on the data sets commenced immediately and was completed in March 2020. The investigation found no malicious activities related to this intrusion by April 22.
However, as a precaution for the residents, Wright County offered 12 months of identity protection and credit monitoring services free of charge to any individual whose information was identified as potentially being compromised. The county also implemented a new security policies, created an employee cybersecurity training program for all employees and implemented a multi-factor authentication process.
Data breach in Wright County 2016 — sensitive data stolen by employee
IIn December 2016, a Wright County senior developer in the IT department, Timothy Lorsung, copied a database full of sensitive personal information onto a USB drive. This information included social security numbers of over 1,000 people and impacted over 72,000 people.
Wright County knew about the data breach for 7 months before notifying possible victims. Only after FOX 9 filed a public records request, Wright County notified the victims of the data breach in November. According to the Minnesota state statute, a government entity that collects private data “must disclose any breach” through “written notification” to anyone who may have been affected.
“Yes, I wanted to work at home.”Timothy Lorsung
In his interview to 5 EYEWITNESS NEWS on December 14, 2018 Lorsung said he “didn’t sell it, didn’t do anything to it, there’s data in there I didn’t even know I had.”
Wright County’s official response is that “No evidence has been found that indicates there was any sale or distribution of the private data. The data was recovered and returned to the county by law enforcement.” Wright County officials say there is an active criminal investigation underway.