East Windsor Township officials are offering free access to credit monitoring, fraud consultation and identity theft restoration services to residents who may have been affected by the recent breach of the township’s computer system.
The East Windsor Township Council approved an agreement with Experian Consumer Services Identity Works in a resolution adopted by the council at its May 24 meeting. The company will be paid $1,560 for its services. The enrollment period ends Aug. 31.
While there is no evidence of any misuse of data, including any personal information, East Windsor Township officials decided to offer access to Experian’s services. A letter informing residents of their ability to take advantage of the offer has been mailed through the U.S. Postal Service.
The letters have been sent to residents for whom up-to-date address information is available, including instructions on how to enroll in the complimentary service, officials said. Letters will continue to be sent out to residents who provide their current mailing address.
Township officials said they learned of the computer breach May 7 when employees reported to work and discovered suspicious activity on their work computers, but records indicate that officials were aware of a breach as early as March 2.
One township resident emailed the township to report suspicious emails March 2 and suggested sending out emails or posting on the township’s website to alert residents to fake emails. Residents continued to receive emails allegedly from the township during March.
But East Windsor Township officials waited to post a notice of a cyber attack on the township’s website until March 18. Township officials did not comment on the reason for the delay.
Township Manager Jim Brady received an email March 2 from a cyber threat intelligence analyst from the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), which stated that the agency’s email security tool had picked up a few emails that used a display name to spoof – or impersonate – East Windsor Township email users.
Brady replied March 3 to the cyber threat intelligence analyst, and wrote that the township was aware of the issue and its third-party email host/provider had fixed the problem.
“My response (to the NJCCIC) was what I knew at that time and date. I was told the spoof (email) was not coming from us. We worked with (the email provider) to fix it. That’s the information that we had (at that time),” Brady said.
Some people believe East Windsor officials knew about the computer system breach before March 7, but that’s not true, Brady said. The employees came to work March 7 and discovered the issue. The township hired cyber security experts to fix the problem.
Brady said that some time prior to March 7, an employee clicked on an email and downloaded a virus that “unknown to us” led to the township’s computer system being affected. The computer system was operational until March 7, he said.
Notification was made March 7 to the New Jersey State Police, the state Department of Homeland Security, the director of the NJCCIC and the Federal Bureau of Investigation (FBI). The township is continuing to work with those agencies, he said.
Brady said that as soon as the computer breach was discovered, steps were taken to block unauthorized access to the systems and mitigate any impact of access. Passwords were reset immediately.
East Windsor Township is continuing to review its existing security policies, Brady said. Additional measures have been implemented, including advanced endpoint monitoring on all township computer devices and servers to protect information in the township’s care.