Lawmakers have been asked to change passwords and follow other safety protocols after the FBI alerted state authorities that the legislative email system had been targeted by a foreign entity.
Maj. Rick Hopkins of the Vermont State Police said the email system was not successfully breached or hacked and no information was taken. Instead, he said, the FBI reported almost all of the 180 legislators’ emails had been found to be “of interest” to an undisclosed foreign attacker.
Gov. Phil Scott said he learned of the situation on Friday night and said the problem has not spread to emails of other state officials, including the administration. The Legislature is on its own server, Hopkins said, and the problem appears to be confined to that system.
“It’s fairly contained because it’s just there on one server, but we were concerned that there may be some overlap and a way that it could get into other systems,” Scott said Tuesday.
Technicians over the weekend built firewalls between the legislative system and the one that serves the executive branch.
“Cybersecurity, I’ve identified that is something we really need to pay attention to, so this is just another example of why,” the governor said.
Hopkins said it was a concern anytime a foreign agent was targeting a legislative body, but he said the situation was not worthy of “panic.”
Scott noted the significance of the attempt in the wake of a data breach at the Department of Labor and the attempted hack at the Burlington Electric Department.
Sen. President Tim Ashe, D/P-Chittenden, said the advisory from the FBI suggested it was a more serious threat than usual.
Ashe, who mentioned the FBI warning on the Senate floor, said there had been no apparent disruption in service on the legislative email server.
Hopkins said he had been contacted by the FBI only rarely about an attack on an email server. However, he noted many computer systems face threats every day and the users and companies should be vigilant about following best practices, including not opening attachments inside emails that look suspicious or that come from unknown senders.
Some lawmakers say they often receive email from people they do not know who are advocating for a particular cause.