Updated: Moffat, Rio Blanco County jurors among those caught up in Colorado Judicial Department intranet security breach
Local law enforcement has encouraged citizens to heed a confusing letter that arrived in many Moffat County mailboxes last week.
“I think it is a scam. I’ve been talking to a lot of people and that is what they think,” said Craig resident Corky Coverston who received the letter last week.
The letter, from the Office of the State Court Administrator, warns the receiver that some of their personal information was inadvertently posted to one of the Colorado Judicial Department websites.
Though it looks suspect, Craig police say the warning is legitimate.
“This (letter) is not a scam! If you received the notice, please take a moment to review it, and contact the Office of the State Court Administrator directly at firstname.lastname@example.org with any questions,” states a message posted on the Craig Police Department Facebook page.
The leak exposed jury data containing names, social security numbers and dates of birth that could be used by the unscrupulous to commit identity theft.
As data was not accessible using external search engines and was only accessible via the department intranet, the department believes there was a low risk.
“For anyone to find this data it would have taken a specific kind of search, for those reasons we think the risk is low, but as a precaution we think it’s prudent for people to place a fraud alert on their information,” said Colorado Judicial Department Spokesman John Sarche.
Fraud alert services are provided to consumers as part of Colorado’s Consumer Rights by contact one of the three credit reporting agencies to request a freeze. The callers identity must be verified using social security number and current address.
“Our understanding is that it is free and effective,” Sarche said.
Another concern being raised is the length of time for the judicial department’s letter to reach Moffat County.
Sarche said that the data breach was discovered and reported by an individual in Alaska searching on the department’s website on July 27. Access to the data was removed soon after, an analysis of the breach was conducted and site security improved. The analysis determined that the breach impacted over 600,000 files. A letter was prepared to go out to all impacted individuals. That letter dated Aug. 14 was sent through bulk mail services in batches.
“And that’s why it is taking so long,” Sarche said.
Many people in Moffat County were confused by the letter.
“The letter is very confusing and it raises a lot of questions in my mind,” said Craig resident Terry Carwile who received a letter earlier in the week.
He’s not alone in his concern.
“If you look at the bottom of the letter and you see the list of counties, we are not in those counties,” Coverston said.
Not everyone in the state was impacted, but some people in each of Colorado’s 64 counties were impacted, and the data for people in Crowley, Pueblo, Rio Grand and Weld county was externally accessed.
“Those four counties are ones where we know someone outside of the department accessed the data. For all other counties, the information was exposed in the same way, but we don’t have any indication that anyone outside the department accessed the data,” Sarche said.
He reiterated that while the risk of the data having been stolen is low, there is some risk.
Placing a fraud alert is “a prudent step to take,” Sarche said.
Recommendations for preventing identity theft from USA.gov are provided and a copy of the letter from the Office of the State Court Administrator can be found in the online version of this story at Craigdailypress.com