PIERRE, SD – The South Dakota Fusion Center, a department within the South Dakota Department of Public Safety (SDDPS), is pointing to a web development company it hired, for a security failure that would allow unauthorized people to access names, addresses, birth date and COVID-19 status.
The data breach which compromised the information of hundreds of thousands of law enforcement officers around the country, has also impacted South Dakotans who test positive for the coronavirus.
According to news reports, the SD Department of Health used Netsential, a Texas-based web design and hosting company that maintains a number of state law enforcement data-sharing portals that allows law enforcement to check if individuals were positive for COVID-19 while they were out on calls.
The department was notified in June that Netsential’s servers were hacked by a third party, which obtained names, birthdates, and addresses from individuals who were tested for COVID-19. The status of a person’s COVID-19 test was also compromised. The breach did not include any financial information, social security numbers or internet passwords.
SDDPS is notifying people by letter, who may have had their personal information compromised if they were tested for COVID-19. Individuals who received the letter are being encouraged to look up tips on identify theft available on the South Dakota Attorney General’s website.
Netsential’s website makes note of its web servers being breached. On the homepage, a statement reads that Netsential is, “working with the appropriate law enforcement authorities regarding the breach, and we are fully cooperating with the ongoing investigation.”
