South Dakota COVID-19 data breach being investigated by the FBI
PIERRE, S.D. — Those who have tested positive for COVID-19 in South Dakota may have had their personal information compromised.
On June 19, 2020, the South Dakota Department of Public Safety’s State Fusion Center received word of a data breach. The breach effected Netsentail.com INC., a web development firm that is used by law enforcement agencies and fusion centers nationwide.
There have been multiple public reports that a substantial amount of data has been leaked from a variety of Netsential’s clients.
Therefore, the department of public safety is sending out letters to individuals who have tested positive for the virus to notify them of the breach. The breach in information is under investigation by the Federal Bureau of Investigation.
This spring, the Fusion Center used Netsential’s services that developed a secure online portal for the assistance of first responders. The portal assisted first responders to identify people who have tested positive for COVID-19. While law enforcement members weren’t given a list of people who tested positive for the virus, they were able to call a dispatcher to verify if an individual has tested positive.
The information was stored on Netsential’s servers and access was given to a select number of South Dakota officials. Those individuals who where given access were also trained in handling the ability to handle the data along with a password for accessing the sensitive information.
Despite attempts to ensure that the information could not be accessed from a third party, Netsential added certain labels to the file which allowed it to be viewed by a third party.
The following information is believed to be compromised for individuals who tested positive for COVID-19:
- Birth Date
- COVID-19 status
This does not include financial information such as social security numbers or internet passwords.
The letter can be viewed below.