An Open Public Records Act request that seeks information on the hack into the East Windsor Township computer system has been filed by an East Windsor resident.
The OPRA request, which was filed May 9 by Raphael M. Copeland, was sent to Township Manager James Brady, Municipal Clerk Allison Quigley and Deputy Municipal Clerk Meredith DeMarco.
A response to the request must be made as soon as possible, but not later than seven business days after the request has been made, provided that the record is readily available and not in storage, according to the state Government Records Council.
More than a dozen items are being requested, including the date when East Windsor Township officials became aware of the compromise to its computer system and how it became aware of the incident. The request seeks “documentation and any forms submitted or received.”
The OPRA request asks for information on when and how East Windsor Township reported it to the New Jersey State Police and the state Department of Homeland Security. State law requires the two agencies to be notified of any computer breaches.
“All documentation as to the scope and nature of the incident that is currently known” and “all documentation as to what personal records were released” also has been requested, plus plans to reimburse residents for the costs they incurred for identity theft protection and virus damage.
A digital copy of the township’s cyber response plan, the name and address of the company investigating the incident and the amount that it is being paid to investigate and protect data is being sought.
“Any and all correspondence between the mayor, township clerk and/or township manager and any local, county, state or federal offices, local businesses or private citizens regarding the incident” has been requested.
The OPRA request seeks information on all email correspondence and records containing the phrase “Citizens for East Windsor” – which is a private Facebook group – as well as all correspondence between Brady and any newspaper or media outlet.
More than two months after East Windsor Township’s computer system was compromised by unknown hackers, township officials have not divulged who was behind the hack nor any of the steps being taken to prevent future incidents.
East Windsor residents are still in the dark about how the hack occurred, the number of residents or businesses affected, and the nature of the information that was stolen and that may affect them – and that is the reason for the OPRA request.
Neither Mayor Janice Mironov or Township Manager James Brady responded to an April 27 email request from The Windsor-Hights Herald that asked for similar information.
The Windsor-Hights Herald received an email from a concerned resident March 3, which stated that the township’s computer system had been hacked the prior week, in late February or early March.
The resident’s email to the newspaper stated that residents had been receiving emails purportedly from East Windsor Township and that contained computer viruses. The email addresses of residents who had contact with the township in the past had been obtained by the hackers.
The Windsor-Hights Herald contacted Mironov by email March 7 and March 14 for comment and explanation, but she did not respond.
East Windsor officials did not publicly acknowledge the incident until March 15, despite state law requiring notification to anyone who may have been affected by the security lapse. The law applies to businesses and public entities in New Jersey. East Windsor Township is a public entity.
The East Windsor Police Department acknowledged the security breach in a press release issued March 15. It stated that township officials “became aware of suspicious activity related to the municipal building’s computer system” on March 7.