MERIDIAN TOWNSHIP, Mich. — Meridian Township is apologizing after an email went out on Friday revealing property owner's email addresses. The email was to remind property owners about upcoming tax payments. The township says it was an honest mistake, but now one of those property owners says he's worried about potential consequences.
Chris Williams was sitting at work on Friday when he got the email and noticed the problem.
"I like to make sure that it's coming from who it's supposed to be coming from and when I checked the to and from fields on the email, I noticed that there were hundreds of email addresses that it was being sent to," said Williams.
Working in IT and formerly in information security, Williams says that alarmed him.
"I dealt with phishing campaigns, which is how I recognized that this could be a potential issue," he said.
Meridian Township says the form-letter email was meant to be sent blind, with all of the addresses BCC or blind-copied.
"It was an honest mistake that the email included other addresses in it. However, besides the email addresses, no private, no personal banking or payment information was included in the email," said Meridian Township Treasurer Phil Deschaine.
Deschaine says they reached out to everyone affected on Monday apologizing and assuring them not to worry.
"The information that they share with us is secure, this was an aberration, a mistake," he said.
Williams appreciates the apology, but still has his concerns and just wants others to be aware.
"It's email addresses plus a geographic indicator, plus the fact that I'm a property owner, which using public records you can cross-reference those," said Williams.
Cybersecurity expert Jeff Detloff says the email addresses are just one piece of the personal information puzzle.
"Emails are well-known. So, it's not that big a deal. If somebody wanted to find out my email address they could easily find it, but now the fact that I'm associated as a property owner of the township that adds a little more," said Detloff. "You can do searching on the township's website and find tons of information that you wouldn't expect to be there and if people did that on themselves they would be shocked at the information that they could find."
Williams agrees but hopes the situation brings about security changes.
"The most concerning thing isn't the fact that the email disclosure was made. It's likely nothing will come of it, but there needs to be proper security practices that are implemented so that something like this doesn't happen again and something potentially worse doesn't happen," said Williams.
The township says they are working to make sure that this does not happen again, and going forward, they are taking three steps:
1. All group emails will only be sent by the township treasurer, with review by the deputy treasurer.
2. In the next week, there will be training for the staff on the proper use of group email functions.
3. In the next two weeks, the township IT DIRECT will complete an audit of email security procedures to ensure they meet and exceed accepted industry standards.
The Michigan Identity Theft Protection Act does not include email addresses within the definition of "personal information."
The Attorney General's office suggests those with exposed email addresses be more alert to possible phishing scams.
The township is saying that no one has reported an increase in spam or junk mail.
Want to see more local news ? Visit the FOX47News Website.
Stay in touch with us anytime, anywhere.
Download our free app for Appleand Android
and
Sign up for newsletters emailed to your inbox.
Select from these options: Breaking News, Severe Weather, School Closings, Daily Headlines and Daily Forecasts.
