On Friday, the Joint Commission on Public Ethics (JCOPE) announced that it has provided the required notice to the people whose emails/usernames and passwords were contained in a file that was improperly accessed in the February cyber security attack. JCOPE said the incident caused the temporary shutdown of JCOPE’s Lobbying Application and online Financial Disclosure Statement (FDS) systems.
Officials said it has identified a security incident in which information technology systems at JCOPE were breached in a notice letter issued to meet legal obligations to potentially affected people. As a result, files containing letters, email/username, and passwords for the JCOPE Legacy (pre-2015) FDS systems were improperly accessed.
The Legacy FDS filing system was in place to maintain annual statements made by state employees and officials until its replacement in 2015. JCOPE said once evidence of improper access to those systems was discovered, all passwords for the current FDS filing system were reset as a precautionary measure.
In addition, JCOPE urges users to immediately change their password on any other sites on which this password may have been reused. Individuals should always utilize complex passwords that do not repeat across different platforms they said.
JCOPE is taking steps to minimize the future likelihood of a security incident by safeguarding individuals’ information. JCOPE continues to monitor information technology systems including ongoing system vulnerability testing, and security logging they noted.