South Dakota

Fryn' Pan, a family restaurant situated in Sioux Falls, South Dakota, experienced a cyber attack between July 8 and October 8, 2023. The restaurant's owners were unaware that hackers had infiltrated the company's computer systems on July 8. United States Secret Service personnel contacted the restaurant and informed its owners that hackers had gained access to the Fryn' Pan computer network and may have viewed their customers' data. The Secret Service personnel elaborated that the hackers may have accessed the customers' card account numbers, card expiration dates, issuing banks, physical addresses, and names. Upon receiving this information, Fryn' Pan Restaurant immediately contacted customers who paid for orders between July and October 2023 using cards. These customers were advised to notify the bank that issued their banking cards if suspicious activity was detected in their banking accounts.

In 2023, the South Dakota Boards and Commissions' website was hacked and defaced by a hacker group called 'SiegedSec'. The South Dakota Boards and Commissions website is a portal that allows citizens to access data on commissions like the South Dakota Real Estate Commission, South Dakota Banking Commission, and South Dakota Board of Technical Professions. SiegedSec, which describes itself as a politically-motivated hackers group, did not make any demands of the South Dakota Boards and Commissions. The hackers compromised citizens' capacity to log in to the South Dakota Boards and Commissions' website for a few hours until security experts corrected the situation. A South Dakota Bureau of Information and Telecommunications representative observed that the hackers did not access confidential information but merely delayed ordinary operations for a few hours.

South Dakota's Sanford Health system oversees 158 nursing and rehabilitation facilities, 233 senior living communities, 224 clinics, and 46 hospitals. In 2023, Sanford Health's imaging vendor partner, DMS Health Technologies, experienced a cyber attack between March 27 and April 24. The data breach granted the hackers unauthorized access to more than 20,000 patients' insurance information, names, dates of service, exam types, and physicians' names. Sanford Health swiftly engaged an experienced IT security team to solve the issue and informed federal law enforcement about the breach. Sanford Health and DMS Health Technologies also publicly announced the data breach days after it happened. Sanford Health offered free monitoring services to patients whose data had been compromised. It also discussed its intention to implement better security measures to deal with evolving data threats.

In 2021, Brown County's computer network suffered an outage after one of its workers opened an email link with malware intended to extract data for extortion purposes. The data breach prevented the county's employees from accessing vital information needed to perform their jobs for more than a week. Brown County officials shut its server down to prevent the hackers from accessing employees' details and Social Security numbers. Brown County's 911 services were not affected by the data breach. Moreover, many of Brown County's departments could not use email communications, order new vehicle tags, or access their database. The hacker was unable to access Brown County employees' Social Security numbers or financial information. Following the data breach, Brown County officials admitted that their network had antiquated servers. They began to use antivirus software and implemented additional security measures to prevent similar data breaches in the future.

South Dakota's DPS Fusion Center, which holds COVID-19 patient data, is hosted by the web development service 'Netsential.com'. In 2020, Netsential experienced a data breach that exposed information held by the DPS Fusion Center. This data included patients' physical addresses, names, and COVID-19 test status. The data breach, which happened on June 19, impacted thousands of South Dakota's citizens. The DPS Fusion Center disclosed this breach to the public on August 17. The DPS Fusion Center asserted that the Netsential breach did not compromise patients' passwords, Social Security numbers, or financial information. Moreover, it admitted that the breach enabled unauthorized third parties to use Netsential labels on DPS Fusion Center files to identify citizens as being COVID-19 positive. Both Netsential and the DPS Future Center later stressed that they had implemented enhanced security measures to prevent similar threats in the future.