Information of 1,300 Sonoma County residents exposed during data breach

The personal information of more than 1,300 Sonoma County residents may have been exposed during a data breach involving a contractor earlier this year, the county said Wednesday.

The county's announcement about the breach came nearly three months after it was first detected by Seneca Family of Agencies, which provides mental health, counseling and family engagement services for three county departments.

Exposed information may include names, Social Security numbers, addresses, phone numbers, email addresses, medical record numbers, diagnosis and treatment information, health insurance information, Medicare or Medicaid numbers, provider names, prescription information, driver’s license or state identification numbers and digital signatures, according to the county’s announcement.

Seneca in a statement posted to its website said it had discovered an unauthorized entry to its network on Aug. 27 and launched an investigation. It learned through that investigation that an individual accessed the network “for a brief period of time” between Aug. 25 and Aug. 27, the company said.

In response, “we reset account passwords and implemented additional security measures to further protect information,” the statement read.

“It’s really unfortunate,” said Leticia Galyean, Seneca’s chief executive officer. “We want to resolve this as quickly as possible on behalf of the families that may have been impacted.”

Seneca said it has uncovered no evidence to indicate that any of the information accessed has been misused as a result of the breach. Still, this week it began notifying clients whose information may have been accessed, a county spokesperson said.

In Sonoma County, that includes 1,364 potentially affected people. The county Human Services Department, Health Services Department and Probation Department each have a contract with Seneca.

Seneca and county officials offered little explanation for the three-month period that elapsed before clients received notification that their data was exposed in the August breach.

“I can’t speak for Seneca as to why they haven’t announced it until now,” said Kristen Font, communications manager for the county Human Services Department, one of the departments that contracts with Seneca. “We wanted them to take the lead on it since it’s their issue and they’re providing support services for those affected.”

Seneca notified its partners, including Sonoma County, in August that the breach occurred, Font said. No county computer systems were attacked or compromised, she said, and the county added more protections to its own systems after learning of the breach.

Galyean declined to discuss the timeline to notify individual clients of the breach, instead referring a reporter back to the published statement. The statement did not contain information on the company’s decision-making process to notify clients.

Seneca has offered to provide 12 months of free credit monitoring and identity protection services to any affected residents who request it. Anyone with questions about the breach or who would like to enroll in the credit monitoring and identity protection services can call 855-675-2841, Monday through Friday (except U.S. holidays), from 6 a.m. to 6 p.m. Pacific time.

“In general, we encourage potentially impacted individuals to remain vigilant against incidents of identity theft and fraud by reviewing credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors,” Seneca’s statement read.

You can reach Staff Writer Kaylee Tornay at 707-521-5250 or kaylee.tornay@pressdemocrat.com. On Twitter @ka_tornay.