An email hack of a city employee may have exposed personal information of 10,700 utility billing customers, Charlottesville officials said Wednesday.
Officials said they are contacting the current and former utility billing customers to warn them that personally identifiable information may have been exposed by the unauthorized access to one employee’s email inbox.
At any given time, the city has about 25,000 current water and natural gas customers, officials said. Gas service extends into parts of Albemarle County.
City officials said they are unaware of any of the information having been misused but said they will contact all customers who may be impacted by the breach, which occurred between March 19 and April 22.
“During an investigation into the potential compromise of a single city employee’s personal information in an unrelated phishing scam, the city discovered that the email account of another employee was compromised,” Brian Wheeler, city spokesman, said in a news release.
“Upon learning of the issue, the city launched a thorough investigation in consultation with outside forensic experts who regularly investigate these types of incidents,” Wheeler said. “The investigation determined that the affected customers’ information, including names, addresses, Social Security numbers and, in some cases, driver’s license numbers, were available within this account.”
Wheeler said letters will be mailed to the affected individuals in the coming days with additional information about the incident and information on what the individuals can do to protect themselves and their information.
“The city regrets that this exposure occurred,” Wheeler said. “Our focus is on notifying the affected parties and ensuring that such an incident does not occur again.”
Wheeler said the city will provide employees with additional training on computer security and phishing scams and will implement new procedures about data sharing in internal emails and attachments.