Wright County employee who accessed private data at home says he 'didn't do anything to it'

December 13, 2018 10:18 PM

Officials in Wright County say an employee transferred private data to his home, but they have recovered the data and do not believe it was sold or distributed.

According to the county, the employee was trained on protecting citizen data and decided "to not follow policy."

Advertisement

5 EYEWITNESS NEWS spoke to that employee, Timothy Lorsung, who was fired from his IT position with the county.

When asked if he was responsible for taking the data, Lorsung responded, "Yes, I wanted to work at home."

He stressed the data is safe, adding "I didn't sell it, didn't do anything to it, there's data in there I didn't even know I had."

Lorsung said he doesn't now have any of the private data, including social security numbers and financial records. 

A statement from the county said they notified individuals of the breach "because they felt citizens had a right to know this transpired."

The county sent letters out to those affected this week.

But 5 EYEWITNESS NEWS learned through information in a search warrant of Lorsung's home that the county may have been aware of this breach as early as April.

Lorsung confirmed this all happened last spring.

Kim Williams-Dubois received one of the letters addressing the data incident. She said the data breach is troubling, but for it to take the county this long to inform the public is unacceptable.

"It was the last place I expected to get a letter from where there was a data breach, so yes, my trust is definitely shaken and I'm sure a lot of other peoples' is too," Williams-Dubois said. "I was surprised, more worried, about the fact that my sons information is floating out there as well."

There is an ongoing criminal investigation into the employee's actions, but Lorsung has not been charged with a crime. 

The county said it has notified those whose data was accessed, and anyone who did not receive a letter did not have their data accessed.

Wright County has hired a company that specializes in data notification to handle notifications and requests from citizens. County residents can request further information via the following methods:

  • Calling 866-680-3212
  • Emailing info@wrightcountydataincident.com
  • Mail to the following address: Wright County Data Incident-6354, PO Box 44, Minneapolis, MN 55440-0044

Wright County officials didn't address the timing of when they sent out the letters to the public, citing an ongoing investigation. But they released a statement:

"Wright County takes data privacy very seriously and government agencies are held to a higher standard for data protection," it read. "We have many protocols, procedures and training requirements in place. While we regret the actions of this former employee, we want to reiterate that no evidence has been found to indicate there was any sale or distribution of private data. The data was recovered and returned to the County by law enforcement. The criminal investigation is ongoing. We expect to the know the full reach of individuals affected in the near future."
 

Connect with KSTP


Join the conversation on our social media platforms. Share your comments on our Facebook, Instagram, and Twitter pages.

Credits

The Associated Press

(Copyright 2018 by The Associated Press. All Rights Reserved.)

Advertisement

St. Paul police say man shot last week dies from his injuries

Paynesville police seek missing man with criminal sexual conduct arrest warrant

Man accused of abducting his 2 daughters in Cottage Grove to appear in court

St. Thomas law school program aims to give juveniles legal representation

Advertisement