Monroe county's treasurer is warning that a breach of an online portal that allows people to access their property tax bills may have allowed hackers to view users' personal information.
County Treasurer Jessica McClellan says the intruder didn't view any banking or credit card information because a separate company processes that information. But she's recommending that the portal's users change their passwords.
County officials learned in November that the provider of the online portal, Master's Touch, LLC, was hit by a malware attack on Oct. 23. Taxpayers can use the portal to review their property tax statements and assessments.
Master's Touch, LLC recorded a phone message informing property owners of the hack and urging them to change passwords on other websites.
“While we have no reason to believe your information has been accessed, we recommend that you change your password on any other website where you may have used the same password. This is simply good, recommended security practice,” the recording said.
The company also sent a letter to its customers explaining what happened:
The Master's Touch, LLC provides eNoticesOnline.com, an online web portal for your property tax statements and assessments. On October 23, 2019, we fell victim to a malware attack when an unknown individual gained access to the server that manages our eNoticesOnline system, causing the system to crash. We quickly restored the server and blocked the intruder from future attacks on the system. We also engaged a computer forensics company to determine what, if anything, the intruder may have accessed. On November 19, 2019, we discovered that the computer forensic investigation confirmed there was no unauthorized removal of data files, but was unable to determine if the files had been viewed. Out of an abundance of caution, we are notifying you of this incident.
George Hale contributed to this report