On Monday, October 11, 2021, CEO learned that it was the target of a sophisticated and well executed cybersecurity attack, affecting the servers supporting our daily operations. Over the last week, CEO has taken immediate action to suspend all affected systems, and resolve the situation. As you know, our IT department has been working with a team of cyber-security consultants to determine the source and extent of the breach, and to restore functionality to all systems as soon as possible.  We have also notified the local and federal authorities of this attack.

Unfortunately, over the past week’s diagnostic work, it has become clear that sensitive customer data may have been compromised during this cyber-attack.  CEO will be reaching out to affected individuals as soon as additional information is available. We are pleased to report that there is no evidence of employee data having been compromised.

During the next few days our Email Exchange, Active Directory, and Data servers will be back up and running, along with some other operational servers. We should have the Data server (G: drive) up tomorrow, followed by the Email Exchange Server over the weekend. Please note that the email server, in particular, might be slow to load emails from the last two weeks, and “receive dates” might reflect the date they actually arrive. Those that may have been trying to reach you via email may also have gotten a notification that the email was not delivered during this past week. Additionally, any work that was being saved to the G: drive on Friday, October 8 may have been lost.

While we are excited to be moving to this next phase of recovery, we need all staff to understand that many changes to how we approach the storage of and access to data will need to be updated to protect us in the future.

At the recommendation of our attorney and IT consultants, the following changes will be in effect immediately:

• There will no longer be access to the webmail portal for CEO email as this has been identified as one of the leading vulnerabilities and sources of cyber intrusions, in organizations across the country. Please talk with your manager about other options available to you if this has been a primary point of access for you.
• Email on cell phones will be temporarily disabled until we can pursue multi-level authentication, and review which staff will need access, before finding a more secure set up.
• Please refrain from sending any sensitive customer or personal information moving forward. For those positions that require it, we will be looking into email encryption over the coming weeks.
• Network pass phrases will now need to be updated every 60 days.
• An agency wide cleanup of the G: drive will be required over the coming weeks. More information will be coming soon on file retention and management.
• Additional trainings on cybersecurity will also be coming soon.

Thank you for your patience and assistance during this time!