March 21, 2012

News Release

For Immediate Release

City Website Fully Functional After Breach

The City's public web site is fully functional again after a website breach Feb. 17 where hackers accessed personal information of approximately 2,100 online visitors. These were citizens who had primarily filed online police reports.

As soon as the City was notified of the "hack," access to 31 online services allowing search and interactive capabilities was immediately halted. CityShare, the City's intranet site, was not affected.

City Manager Greg Burris sent a letter to all individuals whose information was accessed by the hackers. Some employees had utilized those web services, so they may have also received a letter notifying them of this breach.

"If you did not receive a letter, your information was not accessed. Personnel and other employee confidential information were not accessed in this breach," Burris explained. "Federal law enforcement agencies indicate they do not believe the information accessed from the City's web site was released, but we have no assurance."

To reduce the risk of harm from this incident, the City offered the potentially affected individuals a one-year subscription with Trusted ID, an identity theft protection company. About 400 individuals accepted that offer.

Information Systems and Police Department staff members worked with state and federal law enforcement agencies to analyze the breach and take corrective action. Several changes to the site both enhance security and help prevent future breaches. These changes include: dropping the requirement for social security number entry in the online police reporting section; building in automatic data transfers out of the system on a weekly basis; and in certain sections, such as online building permits, limiting the amount of records returned during a search, while still allowing a citizen to find the information that they need.

"We have systematically gone through every table of content on our public site and thoroughly analyzed both the functionality and security of the site. We think the improvements we made strike an appropriate balance in providing the public access to the information and online capabilities they desire with the need to protect information," said Jeff Coiner, Director of Information Systems.

State and federal law enforcement continues to investigate this criminal action, and the City awaits word from them as to the next step in this investigation.

For more information, contact: Cora Scott, Director of Public Information & Civic Engagement, 417-864-1009 (office) | 417-380-3352 (mobile), cscott@springfieldmo.gov

city of springfield

Department of Public Information

840 Boonville Avenue • P.O. Box 8368 • Springfield, MO 65801
417-864-1010 • Fax: 417-864-1114 • springfieldmo.gov