Huge Data Breach Puts 200,000 at Risk

/ Source: SecurityNewsDaily

A huge data breach at a Massachusetts government agency has put the personal information of hundreds of thousands of state residents at risk.

The Massachusetts Executive Office of Labor and Workforce Development (EOLWD) reported yesterday (May 17) that about 1,500 computers belonging to the departments of Unemployment Assistance and Career Services were compromised, resulting in the exposure of names, Social Security numbers, employer identification numbers, and email and home addresses of as many as 210,000 people.

Banking information may also have been stolen in the breach.

Joanne F. Goldstein, secretary of Labor and Workforce Development, apologized in a press release, and said her department is "in the process of individually notifying all residents whom we think could be impacted."

Goldstein added, "We take our customers privacy very seriously. Unfortunately, like many government and nongovernment organizations we were targeted by criminal hackers who penetrated our system with a new strain of a virus."

That virus, the press release explains, is called W32.QAKBOT, a Trojan designed to infiltrate computer networks and allow the attackers to gain access to sensitive data.

The EOLWD says the breach is "no longer active," and that it is working with the Attorney General's Cyber Crime Unit, the Office of Consumer Affairs and the FBI to investigate the cyberattack and to "minimize the impact to the commonwealth's constituents."

The EOLWD discovered the breach on April 20, and, with the security firm Symantec, took steps to remove the Trojan and clean the infected machines. The agency found, however, that the virus "was not remediated as originally believed," and that it was the persistence of the virus that resulted in the data breach.