York County

York County experienced an unauthorized access incident in September 2024, where a county email account was compromised for a limited time. While the investigation confirmed that no data was explicitly viewed or stolen, sensitive personal information including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical and health insurance details, and online account credentials was potentially accessible. The county initiated an investigation upon detecting suspicious email activity, notified affected individuals via written notices, and reported the event to regulatory authorities. Additional security measures, including administrative and technical safeguards, were implemented to prevent future breaches. A dedicated assistance line and mailing address were provided for inquiries, emphasizing the county’s commitment to transparency and data protection.

Source: https://www.ydr.com/story/news/local/2025/09/17/potential-data-breach-york-county-pa-investigates-unauthorized-access/86197970007/

TPRM report: https://www.rankiteo.com/company/york-county-south-carolina

"id": "yor1092310091725",
"linkid": "york-county-south-carolina",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Individuals with data in the '
                                              'compromised email account '
                                              '(exact number unspecified)',
                        'industry': 'Public Administration',
                        'location': 'York, PA, USA',
                        'name': 'York County',
                        'type': 'Government (County)'}],
 'attack_vector': 'Suspicious Email Activity (Potential Phishing/Smishing)',
 'customer_advisories': {'assistance_line': '1-866-497-0171 (9 AM–7 PM ET)',
                         'mailing_address': 'York County, 28 E. Market St., '
                                            'York, PA 17401 (Attn: Solicitor’s '
                                            'Office)'},
 'data_breach': {'data_exfiltration': 'None Confirmed (Potential Access Only)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (SSN, Medical, Account '
                                        'Credentials)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)',
                                              'Authentication Credentials']},
 'date_detected': '2024-09-20',
 'date_publicly_disclosed': '2025-09-09',
 'description': 'York County investigated an incident involving unauthorized '
                'access to a county email address in September 2024. While no '
                'information was confirmed as viewed or taken, some personal '
                'data (e.g., SSN, medical info, account credentials) may have '
                'been accessible. The county is notifying affected individuals '
                'and enhancing security measures.',
 'impact': {'brand_reputation_impact': 'Potential (Notifications Sent)',
            'data_compromised': ['Name',
                                 'Address',
                                 'Date of Birth',
                                 'Social Security Number',
                                 'Driver’s License Number',
                                 'Medical Information',
                                 'Health Insurance Information',
                                 'Online Account Usernames/Passwords'],
            'identity_theft_risk': 'Potential (Due to PII Exposure)',
            'systems_affected': ['County Email Account']},
 'initial_access_broker': {'entry_point': 'County Email Account'},
 'investigation_status': 'Ongoing (As of Disclosure Date)',
 'post_incident_analysis': {'corrective_actions': ['Policy/Procedure Review',
                                                   'Additional Safeguards '
                                                   'Implementation']},
 'recommendations': ['Enhance Email Security (e.g., MFA, Phishing Training)',
                     'Monitor for Unauthorized Access',
                     'Regular Policy/Procedure Reviews'],
 'references': [{'date_accessed': '2025-09-09',
                 'source': 'York County Official Website'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to '
                                                       'Authorities (as '
                                                       'required)'},
 'response': {'communication_strategy': ['Public Disclosure (Website Post)',
                                         'Written Notices to Affected '
                                         'Individuals',
                                         'Dedicated Assistance Line '
                                         '(1-866-497-0171)',
                                         'Regulatory Reporting'],
              'containment_measures': ['Investigation Launched',
                                       'Security Assessment'],
              'enhanced_monitoring': 'Implied (Ongoing Security Review)',
              'incident_response_plan_activated': True,
              'remediation_measures': ['Reviewing Policies/Procedures',
                                       'Implementing Additional Safeguards '
                                       '(Administrative & Technical)']},
 'stakeholder_advisories': 'Written notices to affected individuals; public '
                           'post on county website.',
 'title': 'Unauthorized Access to York County Email Account',
 'type': ['Data Breach', 'Unauthorized Access']}