The county clerk of Adams County in central Wisconsin is reportedly the prime suspect in a data breach affecting more than 250,000 people, and now local officials are attempting to remove her from her position.
According to a report from Madison, Wis.-based ABC news outlet WXOW, clerk Cindy Phillippi is alleged to have gained unauthorized access to confidential computer records, established unauthorized checking accounts, deleted records, and released confidential information to a former employee.
The breach was discovered last March, confirmed in June and disclosed on Aug. 10. Imperiled records include the personal identification information, personal health information and tax intercept information of roughly 258,120 people, including data collected by the Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services, Child Support and Sheriff’s Office departments from the time period of Jan. 1, 2013 through March 28, 2018.
The WXOW report states that the county personnel director filed a Verified Statement of Charges against Phillippi with the county board in an attempt to have her removed. Additionally, the Wisconsin Department of Justice reportedly seized the clerk’s laptop as part of a criminal investigation, issuing a search warrant that accuses her of using a keylogger to capture activity from nearly all county-operated computers.
WXOW says Phillippi did not respond to a request for comment, but has claimed that her various actions were legal and authorized either directly by the board or by past precedent. She reportedly also blamed other people for using her computer to log into the county’s secure system, asserting she never did, although she acknowledged previously asking for access to confidential records in order to investigate a department head’s computer use.
Without naming Phillippi, an Aug. 10 Adams County press release states that the suspect or suspects, “have been identified during the course of the investigation and the suspect(s) no longer have any access rights to view the entirety of the Adams County computer network and system.”
Additionally, “Further steps were taken to remedy the unauthorized access and there is limited access to the Adams County computer system and network,” the release continues. “All software control measures manipulated during the operative time period have been disabled. Access to control and/or authorize access to the involved departments has been restricted and placed in the control of one designated individual. A long-term solution to prevent any future breaches is currently being examined and will be instituted as soon as feasible in light of current design and costs.”