August 11, 2023 Baltimore County

TOWSON, MD — Baltimore County announced that it has been notified by third party vendor PBI Research Services (“PBI”) of a recent security incident involving “MOVEit,” a file transfer software program hosted by PBI. The County, one of numerous entities affected nationwide, is coordinating with PBI to take steps to address this incident.

PBI notified Baltimore County on June 14, 2023, that some of the files the County shared with PBI may have been subject to unauthorized access and download. According to PBI, a technical vulnerability in the file transfer program, MOVEit, may have allowed unauthorized parties to access and download files between May 29, 2023, and May 30, 2023.

After learning of the incident, PBI launched an internal investigation using leading cybersecurity and digital forensics specialists. PBI also notified federal law enforcement on June 3, 2023 and began to identify the individuals whose information may have been contained in the files involved in the incident. Through their investigation, PBI determined that certain individuals’ PII, including first and last names, dates of birth, addresses, and Social Security numbers may have been involved.

While their investigation has not identified any known misuse of this PII, PBI will, out of an abundance of caution, directly notify individuals whose information may have been involved in the incident.

PBI will also establish a dedicated call center to answer questions that individuals may have, and PBI has also agreed to provide credit monitoring for impacted individuals.

Information about the credit monitoring services and how to reach the call center will be provided in the PBI notification letter sent directly to individuals whose information may have been involved.

Baltimore County will continue to support PBI’s efforts to address this incident.