CT DSS Letters

Overview


Information on possible data breach

DSS Notifying Client Group of Possible but
Unconfirmed Data Breach from Phishing Attack

The Connecticut Department of Social Services (DSS) is offering free identity theft protection services to about 37,000 clients after investigating a possible data breach involving private health information.

DSS officials stressed that no actual disclosure of personal information was confirmed through extensive forensic reviews, but that identify theft protection services are being offered as a precautionary measure.

The investigation occurred after the state detected that ‘spam’ emails were being sent from the accounts of a number of DSS employees following a series of 'phishing’ attacks by external individuals or systems between July and December 2019.

DSS engaged state information technology resources and a forensic IT firm to determine the extent of the potential breach but, ultimately, could not determine that the information contained in the employee email accounts was accessed, acquired, used or disclosed by any person.  Due to the large volume of emails involved and the nature of the phishing attack, the forensic efforts could not determine with certainty that the hackers did not access personal information--however, the department stressed that no evidence was found to indicate the hackers did access client information.

DSS is sending letters to potentially affected clients, former clients and authorized representatives this week, explaining the situation and offering free identity theft protection services provided by ID Experts®, known as MyIDCare™.  The letter includes a toll-free number if recipients have questions.

DSS has also taken a number of steps to strengthen security protocols and training program to better protect personal information and help identify and protect against future phishing attempts.  The department has revised policies and procedures; trained or retrained employees about email security; launched a new security mentor training program that includes modules specifically targeting phishing and password protection; and related measures.

More broadly, the Connecticut Department of Consumer Protection offers tips for how to safeguard your identity, how to find out if you are the victim of identity theft, and what to do if your identity is stolen.

###

Copies of letters to DSS clients (English & Spanish):

261270_01_IDExperts_CT DSS StaticProof_1English

261270_01_IDExperts_CT DSS StaticProof_2Spanish

October 30, 2020