Updated: Moffat, Rio Blanco County jurors among those caught up in Colorado Judicial Department intranet security breach | CraigDailyPress.com

Updated: Moffat, Rio Blanco County jurors among those caught up in Colorado Judicial Department intranet security breach

A photograph of a letter from the Office of the State Court Administrator warning some Moffat County citizens that an intranet breach may have exposed jury data that included names, social security numbers and dates of birth. The Craig Police Department says that this letter is not a scam.

Local law enforcement has encouraged citizens to heed a confusing letter that arrived in many Moffat County mailboxes last week.

"I think it is a scam. I've been talking to a lot of people and that is what they think," said Craig resident Corky Coverston who received the letter last week.

The letter, from the Office of the State Court Administrator, warns the receiver that some of their personal information was inadvertently posted to one of the Colorado Judicial Department websites.

Though it looks suspect, Craig police say the warning is legitimate.

"This (letter) is not a scam! If you received the notice, please take a moment to review it, and contact the Office of the State Court Administrator directly at jurydata@judicial.state.co.us with any questions," states a message posted on the Craig Police Department Facebook page.

The leak exposed jury data containing names, social security numbers and dates of birth that could be used by the unscrupulous to commit identity theft.

Recommended Stories For You

As data was not accessible using external search engines and was only accessible via the department intranet, the department believes there was a low risk.

"For anyone to find this data it would have taken a specific kind of search, for those reasons we think the risk is low, but as a precaution we think it's prudent for people to place a fraud alert on their information," said Colorado Judicial Department Spokesman John Sarche.

Fraud alert services are provided to consumers as part of Colorado's Consumer Rights by contact one of the three credit reporting agencies to request a freeze. The callers identity must be verified using social security number and current address.

"Our understanding is that it is free and effective," Sarche said.

Another concern being raised is the length of time for the judicial department's letter to reach Moffat County.

Sarche said that the data breach was discovered and reported by an individual in Alaska searching on the department's website on July 27. Access to the data was removed soon after, an analysis of the breach was conducted and site security improved. The analysis determined that the breach impacted over 600,000 files. A letter was prepared to go out to all impacted individuals. That letter dated Aug. 14 was sent through bulk mail services in batches.

"And that's why it is taking so long," Sarche said.

Many people in Moffat County were confused by the letter.

"The letter is very confusing and it raises a lot of questions in my mind," said Craig resident Terry Carwile who received a letter earlier in the week.

He's not alone in his concern.

"If you look at the bottom of the letter and you see the list of counties, we are not in those counties," Coverston said.

Not everyone in the state was impacted, but some people in each of Colorado's 64 counties were impacted, and the data for people in Crowley, Pueblo, Rio Grand and Weld county was externally accessed.

"Those four counties are ones where we know someone outside of the department accessed the data. For all other counties, the information was exposed in the same way, but we don't have any indication that anyone outside the department accessed the data," Sarche said.

He reiterated that while the risk of the data having been stolen is low, there is some risk.

Placing a fraud alert is "a prudent step to take," Sarche said.

Recommendations for preventing identity theft from USA.gov are provided and a copy of the letter from the Office of the State Court Administrator can be found in the online version of this story at Craigdailypress.com

Prevent Identity Theft

Identity theft is a crime. Thieves steal personal information, such as full name or social security number, to commit fraud. The identity thief can use the information to fraudulently apply for credit, file taxes, or get medical services. These acts can damage your credit status, and cost you time and money to restore your good name. You may not know that you are the victim of ID theft until you experience a financial consequence (mystery bills, credit collections, denied loans) down the road from actions that the thief has taken with your stolen identity.

Here are 14 tips to guard against identity theft:

1 — Secure your social security number (SSN). Don’t carry your social security card in your wallet or write your number on your checks. Only give out your SSN when absolutely necessary.

2 — Don’t respond to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail or online.

3 — Contact the three credit reporting agencies to request a freeze of your credit reports. Equifax: 1-800-525-6285; Experian: 1-888-397-3742; TransUnion: 1-800-680-7289.

4 — Collect mail promptly. Place a hold on your mail when you are away from home for several days.

5 — Pay attention to your billing cycles. If bills or financial statements are late, contact the sender.

6 — Enable the security features on mobile devices, especially if you have contacts, banking websites and applications saved.

7 — Update sharing and firewall settings when you’re on a public wi-fi network. Consider using a virtual private network, which can give you the privacy of secured private network.

8 — Review your credit card and bank account statements. Promptly compare receipts with account statements. Watch for unauthorized transactions.

9 — Shred receipts, credit offers, account statements, and expired credit cards, to prevent “dumpster divers” from getting your personal information.

10 — Store personal information in a safe place at home and at work.

11 — Install firewalls and virus-detection software on your home computer.

12 — Create complex passwords that identity thieves cannot guess easily. Change your passwords if a company that you do business with has a breach of its databases

13 — Review your credit report once a year to be certain that it doesn’t include accounts that you have not opened. You can order it for free from Annualcreditreport.com.

14 — Report ID theft to the Federal Trade Commission online at IdentityTheft.gov or by phone at 1-877-438-4338.

Source: usa.gov/identity-theft