In a Howard County Government News Release we get an update on the story about the compromised Constant Contact account and email list for Calvin Ball (Howard County Executive):
December 24, 2018
Scott Peterson, Director of Communications, Office of Public Information, 202-277-9412
UPDATE: County Executive Ball Compromised Constant Contact Account
ELLICOTT CITY, MD – Today, the Howard County government followed up with Constant Contact regarding last night’s phishing attempt on the Constant Contact account for Howard County Executive Calvin Ball. After discussions with Constant Contact the following information was discovered:
- Someone signed into the Constant Contact account at 6:30 p.m. yesterday evening. As soon as we were made aware of this event, our Department of Technology and Communication Services worked quickly to mitigate the situation and investigated the root cause.
- The unauthorized user created three phishing campaigns using the various mailing lists associated with the County Executive’s Constant Contact account.
- There was no data exported from this account. There was no confidential data of recipients stored in the Constant Contact account.
- Due to unusual activities on this account, Constant Contact suspended it yesterday around 8:40pm. They also disabled the link attached to the phishing emails. The account is now back online.
- Emails were sent to approximately 35,000 recipients.
- 4,550 or 13% opened the email and under 2% clicked the link.
County Executive Ball expresses sincere apologies to those who received the email. He urges, as an extra precaution, to update your passwords regularly to ensure your information is secure.
Here is a screenshot of the email:
I am happy to read two things:
- No data was exported from this account
- No confidential data of recipients was stored in the Constant Contact account
If you work on enough systems…this happens to just about everyone over time. I am happy to see the County Executive and his team jump on this situation so quickly and put out updates.
Hopefully the 2% that clicked on the link did not fill out the information and have their data exposed. If you did…go change your passwords on Netflix quickly.
I will keep an eye out for new spam and junk mail in the following weeks…as I was also a recipient of one of the emails last night…just to make sure I am not on any new lists all of the sudden.