Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
Indiana state government technology and information officials on Tuesday said a series of spam emails sent overnight and into the early morning were the result of a former contractor being hacked.
Over several hours late Monday and early Tuesday, Indiana state government email newsletters sent spam messages claiming recipients have outstanding toll balances.
The email’s subject line is “TxTag Account Suspension Warning,” and recipients are directed to pay unpaid tolls of $5 or $6.69. The email also threatens penalties, such as vehicle registration holds, for failure to pay.
In a statement Tuesday, Indiana Office of Technology officials said the emails were scams and discouraged recipients from clicking on the links.
“The State does not send unpaid toll notifications via text or email messages,” the notice said.
The emails are the result of a hack affecting a former state contractor, according to the notice. The Indiana Capital Chronicle reports the program is by Colorado-based Granicus, and the state said its contract with the company ended on Dec. 31, 2024.
However, the company did not remove the state’s account.
Officials were not aware of any current state systems being compromised.
Secretary of State Diego Morales advised all Hoosiers who received the messages to avoid clicking on links or attachments in those emails and to delete them immediately.
“These scams are dangerous, deceptive, and disruptive,” Morales said in a written statement. “I want to remind all Hoosiers to be cautious before opening emails and clicking on any unsolicited links, especially those that request personal information or direct you to unfamiliar websites. Your security is our top priority.”
It’s unclear if all state government entities were impacted, but a large swath of agencies, boards and offices sent similar emails to IBJ. Several agencies sent multiple emails with the same message.
Those entities include the Governor’s Office, Department of Health, Family and Social Services Administration, State Comptroller, Department of Veterans’ Affairs and Department of Transportation.
More niche email lists were also affected, such as the Opportunity Investment Consortium of Indiana, the Emergency Operations Center and the Education Employment Relations Board.
Emails received by IBJ began just before 11:30 p.m. Monday and continued throughout the night and early Tuesday morning until about 7:40.
Please enable JavaScript to view this content.
Thank you IBJ. I had wondered as even though they looked authentic, I had received multiples.
State government at its best with antiquated security systems in place!
You didn’t read it very well. It was a contractor that didn’t remove the state from their email marketing system. Antiquated and email marketing don’t go together. Lol
No Mark, you didn’t read it very well, the state is placing blame on the contactor even though the state left their door wide open for the hack. The contractor was simply the door in which the hackers used to access state information. Furthermore, why would the state give this contractor our information. I’ve never authorized them to share information. I do not have a TxTol account. Michael is 100% accurate in the State does nothing to protect their date and Yes, it is antiquated and outdated. Pathetic IMO.
This was a private industry contractor who failed to both clean their database and maintain their security, not the government. Private industry messes up all the time but heaven forbid that fact get in the way of the old chestnut of private industry = always better.
I was confused as well since it came from an indot text that was active
The funny part was one of my several emails was all in Chinese script. Kind of a giveaway it was a hack spam.
啊,你发现我们了!
In addition to the TxTag emails from INDOT, I got at least one from Revenue alerting me to a problem with my PayPal account. Obviously bogus but I wonder if it was part of the same hack.
So, the State blames the contractor, but where are the protections for the citizens whose information has been hacked? Were there no service level agreements in place to warranty protections once the contract was done?
What exactly is the State doing to assure the information is being protected from here on out and other systems reviewed and protected?
Excellent point. I received at least five of these emails this morning. IBJ can you look into this? Does this company have other information related to those who received the emails – such as SSNs and other private information?
Fake emails started before midnight last night and fake text messages started before 7:00am this morning—all from accounts where legit InDOT messages were sent and opened by recipients previously. So why wouldn’t recipient open and click? It should not have take state so long informing us they were fake. And why not directly rather than via the media? That’s my concern.
What a predictable comments section. A hack occurs – as they do everywhere all over the world every minute of every day – and people use it as an excuse to argue politics.
Here’s a (non-political) tip for everyone. If you receive an email you’re not expecting that contains a link for you to click, DON’T CLICK ON IT.
I received one of these emails and thought, “that looks bogus.” So I deleted it without clicking on anything.
These things come from anywhere snd everywhere. Stop blaming one party or the other. Just use your head.