PA Department of Corrections informs individuals of security incident
The Pennsylvania Department of Corrections sent letters to employees, inmates and other individuals to notify them that their personal information may have been compromised due to an incident with security at a third-party vendor, according to a press release.
HARRISBURG, Pa. - The Pennsylvania Department of Corrections sent letters to employees, inmates, and other individuals to notify them that their personal information may have been compromised due to an incident with security at a third-party vendor, according to a press release.
The press release stated that this incident took place on April 3 at Accreditation, Audit and Risk Management Security, LLC. They are a vendor that provides an online system so that the Department of Corrections can conduct audits and inspections.
The third-party vendor notified the Department of Corrections of the security incident on April 9, which was when Accreditation, Audit and Risk Management Security said they became aware of the security breach.
According to the press release, the company said that the system was accessed without their consent and some information was compromised.
The exact contents of the data remain unknown, but may include individuals' full names, driver's license numbers, home addresses, Social Security numbers and/or medical information, stated the press release.
The following information is from a press release sent out by the Department of Corrections:
"Upon learning of this security incident, the Department of Corrections moved quickly to limit any potential harm to individuals and made contact with the authorities," said Corrections Secretary John Wetzel. "We have identified potential risks and notified individuals who may be affected, as well as provided help to ensure their credit is protected."
Directly following the incident, the DOC's data was removed from the AARMS server and returned to the DOC. The DOC has engaged relevant authorities, including the FBI, to obtain further information regarding the incident.
The data is currently maintained within the commonwealth's secure infrastructure, where it continues to be vigilantly protected. The commonwealth's information technology infrastructure remains secure and has not been affected by the AARMS security incident.
While the DOC cannot confirm that any DOC data was included in the data exported by the unauthorized access, the agency is not aware of any misuse of any individual's personal information. Out of an abundance of caution, the DOC will be offering credit monitoring and protection for one year at no cost to all potentially affected individuals.
The DOC has identified approximately 13,100 inmates, 680 employees and 11 others who may have been affected by the incident. Those who do not receive a notification letter are not within the identified scope of potentially affected individuals.
21 News Anytime, Anywhere.
Download the app
Watch on TV
Connect on social media
