In December 2020, a third-party service provider used by the State Auditor’s Office (SAO) suffered a security breach exposing a large cache of sensitive information.
The SAO determined that the following information was compromised in the hack:
- Personal information of people who filed for unemployment claims from January 1 to December 10, 2020.
- State employees, as well as people whose identities were used fraudulently to file for claims in early 2020.
- Personal information of a smaller number of people, including data held by the Department of Children, Youth and Families.
- Non-personal financial and other data from local governments and state agencies.
At this time, the Auditor has not indicated which cities were impacted by the hack, nor has it provided more detail about the information that was stolen.
While this breach is under investigation and into the future, we recommend that all cities remain vigilant in defending themselves against cybersecurity attacks. MRSC has a number of available resources including a self-assessment tool for local governments.
For more information and resources related to the data breach, please visit the SOA’s website.