The City of Newport, RI notified past and current employees of a potential data breach originating from a six-week-old security incident.
On June 9, the city identified what it referred to as “unusual network activity” that caused certain systems to “become unavailable.” While the city of Newport did not reference the type of attack it suffered, the wording suggested that it might have been hit by a ransomware attack.
After learning of the breach, the city took steps to secure its network and investigate. It also notified law enforcement (which is required by law in case of a cyber incident) and has been assisting authorities with the investigation.
A root-cause analysis showed that hackers gained unauthorized access to the city’s systems the day before the breach was discovered, on June 8. When the city detected the breach, threat actors had already stolen data stored on the city’s file servers.
Careful review revealed that the files contained “information used for human resources and benefits purposes for certain current and former employees and their spouses and/or dependents, including names, addresses, dates of birth, Social Security numbers, financial account numbers used for direct deposit, and information related to group health insurance,” read the notice.
On July 22, the city started mailing letters to those impacted by the attack and arranged for them to receive a complimentary membership for identity monitoring services.
“The City takes this matter very seriously and regrets any inconvenience or concern this incident may cause,” it added in the notice. “To help prevent something like this from happening again, the City is taking steps to further enhance the security of its network.”