Computer servers operated by the city of Middletown were hacked remotely sometime overnight between Wednesday and Thursday, but the city’s Information Systems Department “is confident that there was no breach of data,” according to a release from the city.
The servers handled information about city payroll and human-resources information.
City Manager Doug Adkins declined to respond to most questions asked of him about the matter beyond what was issued in the city’s news release, including how the security breach happened and whether the city would hire an outside consultant to examine its electronic security. Adkins wrote in response to the questions: “You have what we intend to distribute at this time.”
Regarding whether residents’ financial data was compromised — because city government does use their credit-card information — Adkins replied via email: “We have the ability to accept credit card payments for city services, but none of that data was on this server or accessed in this incident. The public is not affected by this incident in any way.”
Here’s the news release the city sent out after this media outlet asked about the hacking.
“On Thursday, November 3, the City of Middletown Information Systems Department detected that the City of Middletown computer servers had been remotely accessed during the previous night. The server that was accessed contained City payroll and human resources information.”
“The City of Middletown Information Systems team is confident that there was no breach of data; therefore, no personal information regarding City of Middletown employees was compromised.”
“The Information Systems team and the Middletown Division of Police are continuing to investigate the incident. The Information Systems team has closed the access point to the server system that was accessed and cannot be accessed again to get into the City of Middletown’s server system,” the news release continued.
According to an email Adkins sent to city staff early Thursday afternoon, which this news outlet obtained through Ohio’s public-records laws, city officials cautioned employees to pay attention to their financial information after the incident.
Adkins wrote to staff: “As of this email, Information Systems and the Middletown Division of Police are continuing to investigate the incident. If breaches of personal information are later discovered, you will be advised immediately upon learning of the breach. Again, we are aware of no such breach at this time of anyone’s personal information.”
He also wrote employees: “The city would encourage every employee to be diligent in monitoring their credit and banking information at all times. As no compromise has been detected, no specific action is suggested at this time as a result of this incident.”
Adkins did not answer whether other law-enforcement agencies were investigating.