I have worked part time with the Orange County Public Library system for over ten years and really enjoy it. In July 2015, I received a two-page notification that my personal data had been compromised when attackers successfully penetrated the employee network database. Here’s the list of information they said was a part of the breach: my name, address, date of birth, Social Security number, Driver’s license number, payroll information, dental, vision, life and disability enrollment information, retirement status, dependent information, usernames and passwords. According to their records, the attack had been underway for about two months. Due to the breach, the county offered identity theft coverage for one year for anyone involved. I have my own robust coverage, but why not have a little more, right? So I enrolled.
Less than two weeks ago, I received another letter from the same employee organization stating that they had been experiencing “several electronic attempts by unknown third parties” to access employee accounts without authorization. Since I was not notified directly, but only by a general letter, my account was not in the sweep this time.