State IT security specialists discovered malware
(malicious software) on state computers at Tettegouche State Park in Silver
Bay, Minnesota, Aug. 25.
Even though the Minnesota Department of Natural Resources
(DNR) has no evidence that credit card numbers were accessed, out of an
abundance of caution, it is advising those who visited the park and charged
items from Aug. 22-25 to review their credit card accounts for suspicious
activity.
About 400 credit card transactions took place at the park
during this period. The DNR is unable to access credit card customer personal
information, so is unable to contact those who made the transactions.
The DNR is advising that visitors who charged items at
the park during this period monitor their credit card accounts for any unusual
activity and report their concerns to their credit card issuer. Issuers have
been alerted to the incident. Visitors should also be wary of any email
communications from the DNR that request personal information.
The virus was isolated to computers at the park. No other
DNR or state IT systems were affected, including the state park reservation
system and the DNR website. Customers should not worry that their park
reservation data was compromised.
IT experts noticed a spike of unusual activity on the
computers around 4 p.m. on Aug. 25 and initiated actions to isolate the site,
protect sensitive data, and replace equipment. The state is currently
conducting a full forensic analysis to learn more about what happened.
DNR staff are working closely with Minnesota IT Services
to aggressively investigate this incident and to discover if any sensitive
information was accessed.
