State IT security specialists discovered malware (malicious software) on state computers at Tettegouche State Park in Silver Bay, Minnesota, Aug. 25.
Even though the Minnesota Department of Natural Resources (DNR) has no evidence that credit card numbers were accessed, out of an abundance of caution, it is advising those who visited the park and charged items from Aug. 22-25 to review their credit card accounts for suspicious activity.
About 400 credit card transactions took place at the park during this period. The DNR is unable to access credit card customer personal information, so is unable to contact those who made the transactions.
The DNR is advising that visitors who charged items at the park during this period monitor their credit card accounts for any unusual activity and report their concerns to their credit card issuer. Issuers have been alerted to the incident. Visitors should also be wary of any email communications from the DNR that request personal information.
The virus was isolated to computers at the park. No other DNR or state IT systems were affected, including the state park reservation system and the DNR website. Customers should not worry that their park reservation data was compromised.
IT experts noticed a spike of unusual activity on the computers around 4 p.m. on Aug. 25 and initiated actions to isolate the site, protect sensitive data, and replace equipment. The state is currently conducting a full forensic analysis to learn more about what happened.
DNR staff are working closely with Minnesota IT Services to aggressively investigate this incident and to discover if any sensitive information was accessed.