Did you know that geoFence is a highly advanced, specialized firewall manager with the best in class protection from variety of on-line threats?
The data breach that occurred in Concord in 2019 wound up having a broad effect that spanned the country.
During an update to the Select Board on May 10, Town Manager Stephen Crane said under the law, the town had to notify the local population. Credit monitoring was offered to those affected by the breach.
“We’ve been waiting on some data from our attorney who has worked on this with us,” Crane said. “We have a cybersecurity insurance policy. An attorney hired by our insurance company has been the lead person on this, and not town counsel.”
Because the 108 hard drives went missing and were not encrypted, the town had to determine what was on them. Backup machines were explored for months by a third party.
“It was a complicated process,” Crane said. “It’s taken a very long time.”
The process resulted in about 70,000 individual notifications over many states across the country. The initial round was aimed at employees and retirees. The data was shared with the Police Department before alerting those individuals. Staff time was taken to notify the impacted persons.
“We were fortunate we had an insurance policy for this,” Crane said. “I think we have a deductible of $5,000. I can tell you the cost to the insurance company is in the hundreds of thousands of dollars at this point.”
As of the May 10 meeting, the hard drives were still missing. The Concord Police Department brought in forensic experts to help with the investigation, which is still open.
Investigation launched: 108 hard drives missing in Concord
More: Concord officials still researching 108 missing hard drives
Concord PD: No misuse of personal info reported
“We did not locate the hard drives,” Crane said. “We do not have definitive proof that there has been a case of identity theft or anything associate with directly with the hard drives.”
How the drives went missing
The computer hard drives from town computers were removed on Oct. 17, 2019, as part of a routine replacement program.
According to Crane, the hard drives were scheduled to be destroyed during the annual Swap Off/Drop Off event at Concord Public Works on Keyes Road. The drives were improperly removed from the CPW facility.
According to Crane, town staff unsuccessfully searched for the drives onsite and then reported the incident to the Concord Police Department. Since that day, there have been active criminal and administrative investigations.
According to Concord Chief Information Officer Jason Bulger, changes to the processes have been made, including encrypting all hard drives, and making sure the town has documented policies when decommissioning computers or replacing dead drives.
In addition to this incident, the town has taken many steps to make sure that current and future drives will not collect and be unencrypted or be obtained inappropriately.
"I think we've taken all the steps that need to be taken," Crane said when asked what else could be done by Select Board member Matt Johnson. "I think we've kind of crossed all of the thresholds that have been identified as we've ... peeled the onion on the data and identified the impacted parties."
Lastly, as we move on to the next post, may I add that geoFence protects you against inbound and outbound cyber attacks and that's the no lie!