East Windsor Township computer system hacked

The Township of East Windsor’s computer system was compromised by unknown hackers, but it took township officials more than two weeks to publicly acknowledge the breach and notify township residents.

A message – “Cyber ​​Incident Notice” – scrolled across the top of East Windsor’s municipal website on March 18. He said officials “became aware of the cyber incident on March 7,” a week after the township learned of emails sent to recipients “which appeared to be from East Windsor Township officials.”

In fact, the Windsor-Hights Herald received an email from a concerned resident on March 3. The email said the township’s computers had been hacked the previous week, which would have placed it in late February or early March.

“Last week, the municipal offices of East Windsor were hacked, probably by individuals overseas. All of our email addresses have been dropped,” according to the March 3 email received by The Windsor-Hights Herald.

“We have received emails from the township containing viruses from unknown sources, and the whole township is in a panic. We don’t know what has been published. There have been dozens of reports about it on the networks social, and we were not notified at all (by the Township of East Windsor),” according to the resident’s email.

The Windsor-Hights Herald attempted to contact Mayor Janice Mironov by email on March 7 and again on March 14 for comment and an explanation. Mironov did not respond to emails.

East Windsor officials did not publicly acknowledge the incident until March 15 – despite state law requiring notification to anyone who may have been affected by the safety breach. The law applies to businesses and public entities in New Jersey.

State law requires any business or public entity that compiles or maintains computerized records containing personal information to report a security breach to the State Police Division of the Department of Law and Public Safety. East Windsor Township is a public entity.

Once the state police have been notified, the law requires that “customers” or data subjects “whose personal information has been or is reasonably suspected to have been accessed by an unauthorized person” be notified of the breach.

Notification to those affected by the breach must be made “promptly and without unreasonable delay consistent with the needs of law enforcement,” the state law says.

The Windsor-Hights Herald contacted New Jersey State Police on March 14 and was referred to the East Windsor Police Department. The New Jersey Department of Homeland Security was also contacted by email and said it could not confirm whether East Windsor had been victimized.

The East Windsor Police Department acknowledged the security breach in a press release issued on March 15 – but only after being contacted the day before (March 14) by the Windsor-Hights Herald, as advised by East Windsor Police. State of New Jersey.

The East Windsor Police Department news release said township officials “became aware of suspicious activity related to the municipal building’s computer system” on March 7. The system was taken offline and the township worked with cybersecurity specialists and government partners to restore operations. , the statement said.

East Windsor Police Service referred all requests for further information to Township Manager James Brady. He was contacted by the Windsor-Hights Herald on March 15.

Brady confirmed in a March 17 email to the Windsor-Hights Herald that township officials notified New Jersey State Police, the New Jersey Department of Homeland Security and the Federal Bureau of Investigation of the hack. computer science.

“If the investigation determines that data has been affected, the township will make appropriate notifications, as soon as possible, and in accordance with state and federal law,” Brady wrote in the March 17 email.

“The exact mode of notification, if required, will be determined based on the results of the investigation,” Brady wrote.

A “cyber incident notice” began scrolling across the top of the township’s website the following day, March 18. It stated that “in the week prior to March 7, the township became aware of the broadcast of emails which appeared to be from East Windsor Township officials.

“These emails are not official emails. Residents are advised to carefully review and review all emails that appear to be from an East Windsor Township email address, and not to click or open any attachments or links contained in the email.

Tips that the emails are fake include using foreign phone numbers in the email, such as 044-689-7850, fax 090-173-2994 and mobile 090-7569-0018. The fake emails also refer to financial documents or attached documents, according to the alert.

Residents who have not had recent business with the township should be cautious, especially if the emails appear to be from old business, the alert says.

The alert encourages residents who have questions about an email to contact the East Windsor Township Manager’s Office at 609-443-4000, ext. 246, or email [email protected]

“Cybersecurity specialists are investigating all aspects of these matters to assess what happened and identify any potential impact, including the source of the fake emails sent to residents,” the alert reads.

Gordon K. Morehouse