Blog

Originally aired on Action News Jax: Thousands potentially compromised in Jacksonville Beach, Beaches Energy cyberattack – Action News Jax

JACKSONVILLE BEACH, Fla. — A cybersecurity attack potentially compromised thousands of people’s private information, specifically those who have homes in Jacksonville’s three beaches, Ponte Vedra and Palm Valley.

The City of Jacksonville Beach sent out a statement, Wednesday, about a data security incident. The release stated the breach may have affected the privacy of information for certain employees of the city and customers of Beaches Energy Services, a utility that serves 35,000 customers according to its website.

Action News Jax learned on Thursday that the city was listed on a website found on the dark web. It has since been removed.

While the City of Jacksonville Beach won’t release how many people have been impacted, Action News Jax learned through the Maine Attorney General’s Office that 48,949 people have been impacted, including thirty-eight Maine residents. (Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches) We’ve reached out to the Florida Attorney General’s Office for comment but haven’t heard back.

“About a month ago, I noticed that I wasn’t getting charged or any email confirmations,” Cierra Glasgow said. “So, I knew something was happening. I just never got notification that anything was wrong.”

Glasgow has been a Beaches Energy customer for four years and has her billing set up to auto-pay. She said she still hasn’t received any communication on why there’s a payment delay.

“It’s definitely concerning for the people that do pay online with our banking information, social security on there,” Glasgow said. “It’s definitely an unsettling feeling knowing that that could be in the hands of hackers.”

An investigation revealed that between the dates of January 22 and January 29, information may have been taken from the city network, according to the City of Jacksonville Beach spokesperson.

Action News Jax told you at the end of January, when the city had an “information systems issue” due to a “cybersecurity event” that forced city hall and city facilities to close down on Monday.

At the time, the city said it had “no indication” that personal, sensitive data was compromised.

Action News Jax reporter, Meghan Moriarty, learned on Thursday that the City was given information on February 22 indicating that sensitive information “pertaining to certain individuals” was involved in the cybersecurity incident from January.

In a formal statement Wednesday, the city said its’ employees and customers of Beaches Energy Services may have been impacted, including social security numbers, driver’s license information and bank account information.

When we asked about the gap in notification a spokesperson said:

“Comprehensive computer forensic investigations take time. After the City identified certain files were involved in the event during the investigation, it began a thorough review of those files to determine their contents and to obtain contact information for individuals so that it could issue written notice.”

—  City of Jacksonville Beach spokesperson

“I think you can also assume that your login credentials were stolen, so maybe change your username and password, certainly your password across all your platforms you use,” Chris Freedman, the CEO of OnDefend, said.

He said smaller municipalities have become the big target for cyber attacks.

“They really have unsecure programs and they’re softer targets,” Freedman said. “If the data was stolen, it’s likely for financial reasons, for profitable reasons. So certainly, checking their credit, freezing their credit.”

Freedman recommends taking proactive measures by monitoring your identity and monitoring your credit. He also recommended ‘Have I been Pwned’ a website where you can check if your information is involved in a data breach.

A City of Jacksonville Beach spokesperson said if your information was compromised, you’ll get a letter in the mail with information and a code to use a credit monitoring service. Anyone who believes they are potentially impacted by this incident or have additional questions may call the dedicated assistance line at 844-709-0703.

For Media Inquiries: Lauren Verno, OnDefend

Media@ondefend.com