JACKSON, Wyo. — Teton County is currently responding to an incident regarding a suspicious email sent from a County employee’s official email account. On Tuesday, Aug. 12, the County became aware that internal and external contacts had received the email.
According to a press release, the County’s Information Technology (IT) Department immediately shut down the affected account to prevent further breaches. The department then launched an internal investigation and engaged a team of cybersecurity experts to assist. The Wyoming Office of Homeland Security was also notified and remained in communication with the County throughout the incident.
The cybersecurity experts confirmed that an unauthorized party temporarily accessed the employee’s account through a phishing email that harvested credentials. The attacker then used the employee’s account to send similar phishing messages to all of the account’s contacts.
Though Buckrail has not confirmed a correlation, at Monday’s Board of County Commissioners voucher meeting, the commissioners voted on an item proposed by County prosecutor Dick Stout, regarding the need for external expertise on an IT legal issue. The commissioners voted to mobilize $4,500 and an engagement letter with Constangy Law Firm, which specializes in cybersecurity and data privacy. Teton County did not respond to comment requests by publication time.
Teton County states that the incident has been fully contained and remediated. Individuals who were sent the phishing email from Teton County have been or will be notified. If a suspicious email has been received or an email with an unknown attachment, delete it immediately.
