Around 9 a.m. on Tuesday morning, the county experienced a round of “spear-phishing” attacks were made in order to gain log-in credentials to the county’s sensitive data.
Whoever was behind it tried to steal data, including personal identification, credit cards, health records, financial information and more. Within 15 minutes they received 100 e-mails across the county that were flagged immediately.
The director of information technology for Grand Traverse County, Cliff DuPuy, says the way emails were tailored for each recipient shows the level of sophistication the attack had.
“Everything we do is in public information. So they knew the sheriff and they knew a suspect that they’d been working on that they must have looked up some court cases because the judge was specific to a court case with a case number. And then for the treasurer downstairs, it was regarding a hardship application for having their taxes taken, their past due taxes extended,” DePuy said.
The county’s cyber security software was able to flag the attack immediately and no data or hardware was compromised.
