Keene officials are asking people to take protective measures after a security breach may have compromised the banking information of about 5,525 individuals and organizations that have sent checks to the city’s post office box.
In a Nov. 11 letter, the city notified those potentially affected that the database for Technology Management Resources, Inc. was accessed by an unauthorized person, according to a memo posted to the city’s website. The memo says that while checks sent to the city have not been compromised, the person who gained access to the TMR database would have been able to view account and routing numbers that are visible on scanned images of the checks.
The breach did not involve payments made directly to Keene’s revenue office but only those mailed to the post office box, according to a news release the city issued Monday.
Keene City Attorney Tom Mullins emphasized Monday evening that the city itself was not the entity that was breached, saying Keene was just as much a victim in this situation as others who were affected.
The city works with Mascoma Bank to manage certain accounts, and the bank scans and deposits checks written to the city and mailed to its post office box, according to the memo. TMR, a vendor of Mascoma Bank, performs data-processing services related to those checks, the memo says.
Mascoma Bank had not responded to requests for comment Tuesday morning.
According to the FAQ portion of the city’s memo, the breach happened in June, and the city was notified in late August. Mullins said there were several reasons for the delay between when the city learned of the breach and when it notified those who may have been affected. Among them, he said, was the need to get the facts of the breach straight and extract information from the TMR database, and he also said roadblocks arose while working with legal counsel and insurance providers for the other entities involved in the breach.
The city’s memo specifies that the breach allowed the unauthorized individual access only to scanned images of checks and not to Social Security numbers. Therefore, city officials do not believe there is an increased risk of identity theft.
According to the city’s news release Monday, the individual was able to view checks sent to the city between June 2019 and January 2020. About 5,100 of the 5,525 people and organizations that sent checks during this time period are based in New Hampshire.
The memo notes that Keene officials are not aware of any instances of personal information being misused as a result of this breach, and Mayor George Hansel said Monday that, to the best of his knowledge, this is still the case. However, the city advises those who may have been affected to safeguard their accounts.
“First, enroll in the two-year protective services that are being provided, free of charge,” the FAQ states. “Second, contact the bank or financial institution that the check was written from to alert it about this breach. And third, review the activity in that bank or financial account now and at least monthly thereafter, and immediately notify the bank or financial institution if any fraud is suspected or has occurred.”
The protection services are offered by Experian at no cost. Those interested in signing up can do so online at www.experianidworks.com/credit, and businesses or organizations that have been affected can sign up at www.protectmybusinessid.com.
Both will require a code that can be found on the Nov. 11 letter from the city. The offer expires on Jan. 31.
According to Monday’s news release from Keene officials, N.H. Attorney General Gordon MacDonald has been notified of the breach, and TMR has stated that it has filed a report with the FBI.
TMR President Norman Picard declined to comment on the security breach, citing confidentiality agreements the company has with its customers.Mia Summerson can be reached at 352-1234, extension 1435, or firstname.lastname@example.org. Follow her on Twitter @MiaSummerson