A U.S. Tax Office has said it blames a computer virus for initiating a data breach that hit more than 450,000 residents.
The 450,000 residents of Polk County, Florida, were caught up in a sprawling data breach after an employee at the Florida Tax Collector’s Office opened an email purporting to be an invoice that was actually malware in disguise, which led to its systems being breached.
Hackers were able to access more than 450,000 social security records, as well as driver’s licence numbers, according to the agency.
Joe Tedder, who works for the Tax Collection agency, said that his office had been “subject to a new strain of a targeted computer virus attack not seen before.”
He said that his IT team “quickly recognised” the malware, and “took immediate action to mitigate the threat.”
“We believe exposure was very limited,” Tedder told news agency WFLA.
He confirmed that the office was quick to wipe its PCs of all data, and that they were restored after being wiped. In addition, the office hired third-party information security specialists to examine the scale of the data breach and determine whether or not further taxpayer data had been accessed.
“Although the investigation found no evidence that any information was misused, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements for unusual activity or errors.”
“The Tax Collector’s Office is currently able to report that we did not lose access to our systems, backups, or other operational data. However, in an abundance of caution to address this new strain of computer virus, TCPC has implemented additional safeguards to further secure system information.”
Phishing or spear-phishing campaigns like the one that hit the Tax Collector’s Office are becoming increasingly prevalent, and the demands of hackers are also rising when an organisation is hit by a ransomware attack.
An Information Security Management System remains one of your best options when it comes to mitigating the threat of cyber attacks. It provides systems, as well as training for your staff, to identify fraudulent attacks that use disguised emails in an attempt to access your organisation’s sensitive internal and client data.