FBI investigating COVID-19 data breach in South Dakota

RAPID CITY, S.D. (AP) — The FBI is investigating a data breach that may have compromised the identity of people with the COVID-19 virus in South Dakota.

South Dakota Department of Public Safety Director Paul Niedringhaus sent a letter to people who may have been affected by the June 19 breach, the Rapid City Journal reported Friday.

The letter, dated Monday, says the state's fusion center used Netsential.com's services to build a secure online portal this spring to help first responders identify people who had tested positive for the coronavirus so they could take precautions while responding to emergency calls.

The South Dakota letter said police in the state weren’t given names but could call a dispatcher to verify positive cases. Houston-based Netsentials added labels to the files that might allow a third-party to identify patients, the letter said, and the breach could have compromised people’s names, addresses and virus status.

“This information may continue to be available on various internet sites that link to files from the Netsential breach,” the letter said.

Netsential hosted the websites of more than 200 U.S., law enforcement agencies, most of them fusion centers like the South Dakota one affected. The company confirmed in June that its server had been breached.

The server was the source for a trove of files, dubbed BlueLeaks, that were shared online by a transparency collective called DDoSecrets. The collective said it had obtained them from a hacker who said they were sympathetic to anti-racism protesters.

Department of Public Safety spokesman Tony Mangan confirmed to The Associated Press in a short telephone interview that the FBI was investigating but had no further comment. A message left Friday at the FBI’s Minneapolis office wasn’t...