City Subscriptions

                                                                      City Notifies Public of Email Phishing Scam

DULUTH, MN (October 31, 2016) – On August 22, 2016, the City of Duluth discovered that as a result of an email phishing incident, an unauthorized third party obtained access to an email account within the City Clerk’s office and in turn, may have accessed files containing certain personal information.

Upon learning of the incident, the City immediately disabled access to the email account, contacted law enforcement, and promptly commenced an investigation. The investigation revealed that the unauthorized access was initiated on August 14, 2016.

Based on the City’s investigation, it appears that the following information was contained in the City Clerk’s email account which could have been accessed by the unauthorized third party:

• A working copy of voter registration lists containing full name, address, and full date of birth of over 55,000 individuals. Most of this voter registration information is already publicly available data by State law. Specifically, a voter’s name, address, phone, and birth year are included in the public voter registration file. The file in the accessed email account included the full date of birth including month and day.

• A Business License Report containing full name, address, Federal Tax ID Number, and/or State Tax ID Number of approximately 400 businesses. A limited number of the businesses on the Report included a Social Security number. No other business information was contained on the Report.

• Business License Application Documents of four businesses containing full name, address, birthdate, Federal Tax ID Number, State Tax ID Number, Social Security Number, driver’s license number and/or passport number. No other personal information was contained in the documents.

• Internal job applicant information of 14 individuals containing personal contact information, driver’s license numbers, and/or position eligibility questionnaires.

The City has been unable to determine if the unauthorized third party accessed any of the above mentioned information. To date, the City is not aware of any reports of identity fraud, theft, or other harmful activity resulting from this incident. The City notified all potentially affected individuals about this situation, through written notification via U.S. Mail. The notification includes actions individuals can take to help protect their personal information. The City also notified and has been working closely with the Minnesota Secretary of State and the St. Louis County Auditor regarding the voter registration lists included in the accessed email account.

“The City takes this situation very seriously and we apologize for any concerns this situation has raised for our residents and affected businesses,” said David Montgomery, the City’s Chief Administrative Officer. “Maintaining the integrity of personal information is of the utmost importance to the City and we are devoting considerable time and effort to ensure affected individuals are fully informed.”

“As part of the City’s internal review of this incident, we are enhancing and modifying our electronic security protocol, employee training and tightening our network to prevent future occurrences,” said Montgomery.

This incident is the result of increasingly common email phishing scams. Due to the fact that the accessed email account contained a working copy of voter registration files, the City moved as quickly as possible to complete the necessary work to disclose the incident and inform affected individuals before the election on November 8. The Secretary of State’s office has confirmed that the official voter registration files held within its system were not accessed as a result of this incident, and the full integrity of these voter registration lists remains intact.

# # #