Pitkin County

A file of Pitkin County containing information related to COVID-19 case investigations and/or contact tracing was inadvertently accessible to potential unauthorized parties on internet.

The affected file contained the some or all of the following information: Name, Address, Date of Birth, Employer, Name of School/Childcare Facility, Underlying Conditions, Test Type, Unique ID, Symptoms, Onset Date.

Pitkin County immediately took steps to remediate this issue to prevent access from the internet.

The county also notified the individuals that were impacted by the breach and offered them credit monitoring and identity restoration services at no cost.

Source: https://www.databreaches.net/co-pitkin-county-covid-19-case-investigations-inadvertently-exposed-online/

TPRM report: https://scoringcyber.rankiteo.com/company/pitkin-countyhr

"id": "pit1617622",
"linkid": "pitkin-countyhr",
"type": "Breach",
"date": "12/2020",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Public Health',
                        'location': 'Pitkin County, Colorado',
                        'name': 'Pitkin County',
                        'type': 'Government'}],
 'attack_vector': 'Inadvertent Access',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Health Information']},
 'description': 'A file of Pitkin County containing information related to '
                'COVID-19 case investigations and/or contact tracing was '
                'inadvertently accessible to potential unauthorized parties on '
                'the internet. The affected file contained the following '
                'information: Name, Address, Date of Birth, Employer, Name of '
                'School/Childcare Facility, Underlying Conditions, Test Type, '
                'Unique ID, Symptoms, Onset Date. Pitkin County immediately '
                'took steps to remediate this issue to prevent access from the '
                'internet. The county also notified the individuals that were '
                'impacted by the breach and offered them credit monitoring and '
                'identity restoration services at no cost.',
 'impact': {'data_compromised': ['Name',
                                 'Address',
                                 'Date of Birth',
                                 'Employer',
                                 'Name of School/Childcare Facility',
                                 'Underlying Conditions',
                                 'Test Type',
                                 'Unique ID',
                                 'Symptoms',
                                 'Onset Date']},
 'response': {'communication_strategy': 'Notified impacted individuals',
              'containment_measures': 'Immediate remediation steps to prevent '
                                      'access from the internet',
              'remediation_measures': 'Notified impacted individuals and '
                                      'offered credit monitoring and identity '
                                      'restoration services'},
 'title': 'Pitkin County COVID-19 Data Breach',
 'type': 'Data Breach'}

Pitkin County

Dansons

TEP Holdings, LLC

Bolton Global