The so called “BlueLeaks” data breach, which compromised the information of hundreds of thousands of law enforcement officers across the nation in June, has a whole new twist tonight that involves South Dakota and people who tested positive for COVID-19.

KELOLAND Investigates has obtained a letter sent by the director of the South Dakota Department of Public Safety’s Fusion Center, letting victims know that their personal data was compromised.
The center used the Texas web design and hosting company, known as Netsential, which maintains a number of state law enforcement data-sharing portals.

Fusion Center Director Paul Niedringhaus says in his letter to potential victims of the breach that law enforcement officers could call a dispatcher to verify if a particular individual was positive for coronavirus.

Neidringhaus wrote in the letter that Netsential added labels to the file, which would allow a third party to identify someone’s COVID-19 medical status.

The SD Fusion Center blames Netsential for a security failure that would allow unauthorized people to access names, addresses, birth date and COVID-19 status.

The center says the list does not include financial information, social security numbers or passwords.

The Fusion Center says it was Netsential’s responsibility to inform the victims of the data breach, but it has not confirmed it will do so, which is why the Fusion Center is now letting them know.

Neidringhaus’ letter refers victims to the South Dakota Attorney General’s information on identity theft.

Netsential says it’s “working with the appropriate law enforcement authorities regarding the breach, and is fully cooperating with the ongoing investigation.”

KELOLAND Investigates reached out to the South Dakota Department of Public Safety, which includes the Fusion Center. They sent us this response:

“The letter speaks for itself. Since this is a FBI-led ongoing criminal investigation, DPS has no further comment.”

Tony Mangan, South Dakota Department of Public Safety