Suffolk County’s computer team recently alerted administrators within its network about a data breach, stemming from a security incident involving the Okta computer security application utilized since last year. The breach prompted the county to initiate precautionary measures and notify its administrators of potential new cyber threats.
A spokesperson for Suffolk County informed Patch that Okta, a widely-used vendor across public and private sectors globally, notified them of the security incident earlier this week. Although there’s no current evidence of increased security risks specific to Suffolk County, the authorities are proactively implementing appropriate mitigation strategies. Additionally, in a bid to fortify cybersecurity protocols, the county has proposed legislation mandating vendors to report breaches or attacks within 48 hours.
This development follows a previous cyber breach in 2021 that infiltrated the Suffolk clerk’s office, remaining undetected for approximately seven months before gaining access to the county’s primary servers on September 8, 2022. Consequently, officials enacted a shutdown of all online services.
During the 2022 breach, hackers demanded a $2.5 million ransom, a demand that Suffolk County Executive Steve Bellone chose not to fulfill. Subsequent assessments granted clearance to most county departments by October, except for the clerk’s office, which operated with a decentralized Internet Technology department independent of the county’s main infrastructure.
Bellone emphasized that with proper implementation of key security measures and transparent information sharing, the cyberattack could potentially have been averted. This situation led to the placement of the clerk’s office’s former IT director, Peter Schlussler, on paid leave in December amid published reports of alleged involvement. Schlussler has denied any wrongdoing in relation to the incident.
