On September 28, the City of Lexington was notified of a security incident by Metaformers Inc., a third-party contractor working on City technology projects. As part of its work, Metaformers had access to employees’ personally identifiable information.
Metaformers reported that its e-mail server was compromised by a malicious attack in July. As a result, the Social Security numbers, addresses and/or dates of birth of some current and former City employees were potentially exposed to the attacker. The City’s servers and systems were not affected in the third party’s security incident. In response to this incident, Metaformers changed the passwords on all of its e-mail accounts, and implemented multi-factor authentication.
Employees who were potentially affected have received one letter from Metaformers notifying them of the incident via U.S. mail, and can expect to receive another. These employees are encouraged to call Metaformers at the phone number provided in the letter with any questions.