The Town of Concord recently sent a letter informing individuals that their personal information was lost. We want to begin by saying that the letter is legitimate and was mailed in reference to the 2019 data security incident in which hard drives, which were planned for destruction during routine replacement of equipment, were taken before the vendor could properly dispose of them. Due to the large amount of data stored on these hard drives, it took the past two years to re-create and comprehensively search through all hard drives data to identify the persons potentially affected and to identify contact information to send letters to them.
This letter was sent as a direct response to a possible data security incident suffered by the Town of Concord in October of 2019. At that time, over 100 Town hard drives from Town computers were slated for secure destruction. Before the secure destruction was completed, the hard drives were reported missing. The Town immediately notified the Concord Police Department whose investigation remains open and ongoing. Out of an abundance of caution, the Town engaged counsel who retained forensics and data mining specialists on the Town’s behalf.
Over the past two years, the missing hard drives were recreated by the Town’s IT department and analyzed by forensic specialists looking for personal information. Notices were mailed to a large group of individuals whose information was found during the investigation. If you received this letter, it does not mean that your information was compromised or misused; however, it does mean that some form of your personal information was found on one of the re-created hard drives. The information found for individuals varied but included information such as: contact information, government-issued identification numbers – such as Social Security Number or drivers’ license number, limited financial information, or limited medical information. The medical information is limited to services provided by the Town’s Fire and EMS Departments. The medical information is not associated with any local doctor’s office or hospital as the Town does NOT have access to that information. Additionally, we do not have access to information of banks, shops, or other businesses within the Town.
Please be assured that we are not aware of any actual or attempted misuse of any personal information because of this incident. Again, these letters were mailed out of an abundance of caution and to help empower people who may wish to take a proactive role in monitoring their credit. To that end, the Town is providing free identity monitoring services including single bureau credit monitoring, fraud consultation, and identity theft restoration services to those who received a notice letter. These services can be accessed by calling the number listed on your letter, which is 855-651-2701, or by visiting https://enroll.krollmonitoring.com. Please note that you will need a unique “member ID,” which can be found on the second page of the letter you received. This number is unique to you as the recipient and should not be shared with anyone else.
We want to assure our community that many steps have been taken over the past two years to enhance the security of your personal information. We are taking steps to protect personal information stored on Town systems and Town-owned electronics. In the same respect, personal electronics that residents recycle during Town sponsored electronic recycling events follow R2 Procedure 11.1‐01‐P Data Destruction and Shredding Procedure. As a reminder, any personal electronics brought for recycling should already be erased or factory reset.
We are hopeful this additional information answers some of your questions. The Town would like to apologize for any frustration this letter and the possible data security incident may have caused.