News and Press Releases

Print
Press Enter to show all options, press Tab go to next option

For media inquiries or questions regarding press releases, please contact:

Charlottesville Office of Communications
Brian Wheeler, Director of Communications
434-970-3129
wheelerb@charlottesville.org

To watch live streaming video of Charlottesville's Own TV10, the City's news and information channel, click here

 

Some current and former utility customers to be notified in relation to security breach

Post Date:09/25/2019 1:00 PM
City Seal
Media Contact
Brian Wheeler
Director of Communications
434-970-3129
FOR IMMEDIATE RELEASE
September 25, 2019

Some current and former utility customers to be notified in relation to security breach

No evidence any utility customers had their personal information used improperly

CHARLOTTESVILLE, VA - The City of Charlottesville is in the process of notifying about 10,700 of its current and former utility billing customers that a limited amount of their personally identifiable information may have been exposed via unauthorized access to a single City employee’s email mailbox. At any given time, the City has about 25,000 current water and natural gas customers.

At this time, the City is not aware of any misuse of the personal information of any of the individuals being notified as a result of this security incident. Out of an abundance of caution, the City is informing all affected parties about the incident.

During an investigation into the potential compromise of a single City employee’s personal information in an unrelated phishing scam, the City discovered that the email account of another employee was compromised during the period of March 19, 2019 to April 22, 2019. Upon learning of the issue, the City launched a thorough investigation in consultation with outside forensic experts who regularly investigate these types of incidents. The investigation determined that the affected customers’ information including names, addresses, Social Security Numbers, and in some cases driver’s license numbers was available within this account.

Letters will be mailed to the affected individuals in the coming days with additional information about the incident and guidance on steps the affected individuals can take to protect themselves and their information.

 The City regrets that this exposure occurred. Our focus is on notifying the affected parties and ensuring that such an incident does not occur again. We take matters related to securing our computer systems and the confidential information of our employees, citizens, and customers very seriously.

Due to persistent and pervasive cybersecurity threats facing the City of Charlottesville, our Information Technology Department takes a proactive approach to preparing for threats to infrastructure, computing devices, user accounts and identification, data, and applications through cybersecurity protocols and procedures, advanced security hardware, software, and services, and the administration of cybersecurity awareness campaigns and training for the City staff.

The City has also taken this incident as an opportunity to provide employees with additional training related to computer security and email phishing scams and to implement new procedures about the sharing of sensitive data internally via email and in email attachments.

###
Persons with disabilities may request reasonable accommodations by contacting ada@charlottesville.org or (434) 970-3182.
FacebookTwitter
Return to full list >>