COVID-19 data breach in South Dakota now under FBI investigation
FBI is investigating a data breach believed to have compromised the identities of people in South Dakota who were infected with the novel coronavirus and went on to develop the illness COVID-19.
The South Dakota state agency notifying potential breach victims said the exposed files didn't include any financial information, Social Security numbers or passwords.
The Rapid City Journal reported Friday the South Dakota Fusion Center sent a letter to people who may have been affected by the June 19 data breach.
"The letter, dated Monday, says the state's fusion center used Netsential.com's services to build a secure online portal this spring to help first responders identify people who had tested positive for the coronavirus so they could take precautions while responding to emergency calls," reports AP:
The South Dakota letter said police in the state weren't given names but could call a dispatcher to verify positive cases. Houston-based Netsential added labels to the files that might allow a third-party to identify patients, the letter said, and the breach could have compromised people's names, addresses and virus status.
"This information may continue to be available on various internet sites that link to files from the Netsential breach," the letter said.
Netsential hosted the websites of more than 200 U.S., law enforcement agencies, most of them fusion centers like the South Dakota one affected. The company confirmed in June that its server had been breached.
The server was the source for a trove of files, dubbed BlueLeaks, that were shared online by a transparency collective called DDoSecrets. The collective said it had obtained them from a hacker who said they were sympathetic to anti-racism protesters.
Read more at the Rapid City Journal (SD): FBI investigating South Dakota COVID-19 patient data breach [reporting by iandhara Bonnet and Arielle Zionts]
And at the Associated Press: FBI investigating COVID-19 data breach in South Dakota