An investigation of intrusions into Yellowstone County's computer servers showed numerous hacking attempts but no theft of personal information in the two attacks that were analyzed.

A preliminary report by AtaData, a Butte computer company the county hired in July to conduct a forensic analysis, said there was evidence of numerous hacking attempts during the previous 18 months.

Because of the volume of information and time-sensitive nature of the case, AtaData limited its analysis to two intrusions, one on July 12 and another on July 13, said James Holmes, an AtaData investigator, in a preliminary report to the county earlier this month.

"It was determined that no personal information was gathered by the hackers responsible for these two attacks; however, critical personal information stored on this server was vulnerable," Holmes said.

The county learned on July 14 that a hacker had entered its website and that there was potential for taxpayers who pay by electronic transfer to have had account numbers exposed. The risk did not apply to those who do county business by credit or debit cards or by check.

The county shut down its website, then brought back read-only data and then other information. The website is about 90 percent restored, Ross Cavazos, the county's information technology director, said Tuesday.

Property tax payments and motor vehicle renewals remain off-line.

The county also sent letters to about 2,500 taxpayers telling them what happened and recommending diligence in monitoring their accounts for any unauthorized transactions.

No unauthorized transactions were reported, Cavazos said.

The investigation found that one of the attacks came from South Korea and another from Hong Kong. AtaData said it was likely that two different persons were responsible but that one person could have done both using machines in different locations.

The July 12 attack, which lasted from 7:23 a.m. to 8:02 a.m., targeted a server with numerous databases, the report said. A large amount of information from one of the databases was transferred but the information was already public record, the report said.

The July 13 attack ran from 5:12 a.m. to 5:28 a.m. The analysis found that the potential to get personal information existed, but that the attack stopped before that information was transferred.

While it was "highly probable" that large amounts of information from various databases were transferred during some of the attacks, it was "less probable" that the information collected by hackers came from the database that contained the private information, the report said.

"However, it is not impossible, and therefore, any necessary precautions to secure these accounts should be taken," the report said.

The county already has taken steps to strengthen its security, Cavazos said.

Catching the hacker or hackers is a longshot.

"That's an almost impossible task," Cavazos said, because hackers could be anywhere and they're difficult to track.

The investigation so far has cost $14,000 and the final bill shouldn't be much more than that, he said.

Get local news delivered to your inbox!

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Contact Clair Johnson at cjohnson@billingsgazette.com or 657-1282.