Breach of city contractor e-mail put some city workers info at risk

LEXINGTON, Ky. (WTVQ) – Some current and former Lexington city employees’ personal information was put at risk when a third-party contractor’s e-mail server was hacked in July.

The city was notified on Sept. 28 of the security incident by Metaformers Inc., the third-party contractor working on city technology projects, the city said in a release.

As part of its work, Metaformers had access to employees’ personally identifiable information.

As a result of the “malicious attack,” the Social Security numbers, addresses and/or dates of birth of some current and former City employees were potentially exposed to the attacker, the city said in the statement.

As many as 570 current or former employees were involved.

City spokesperson Susan Straub says not current or former employees have reported any identity theft or financial problems, so far.

And, Metaformers is paying for one year of identity theft protection for all affected current and former employees, she added.

The city’s servers and systems were not affected in the third party’s security incident. In response to this incident, Metaformers changed the passwords on its e-mail accounts, and implemented multi-factor authentication, the city said.

Employees who were potentially affected have received one letter from Metaformers notifying them of the incident via U.S. mail, and can expect to receive another.

These employees are encouraged to call Metaformers at the phone number provided in the letter with any questions, the city said.