[ISN] California server hacked; employment data at risk

From: InfoSec News (isn@private)
Date: Tue Feb 17 2004 - 06:06:23 PST

  • Next message: InfoSec News: "[ISN] First Fallout from Code Leak Hits the Web"

    http://www.usatoday.com/tech/news/computersecurity/2004-02-13-calif-spam-hack_x.htm
    
    2/13/2004 
    
    SACRAMENTO (AP) - Hackers broke into a state agency's server
    containing the sensitive personal information of tens of thousands of
    people who work as nannies, butlers, and gardeners, and those who
    employ them.
    
    Evidence of a computer break-in at the Employment Development
    Department was discovered Jan. 20 during a routine check and
    immediately shut down the server that holds information on household
    workers and their employers, spokesman Kevin Callori said Friday.
    
    The server houses information on about 90,000 people.
    
    The hackers gained access to employee's names, Social Security numbers
    and wage records, and some employers' Social Security numbers, Callori
    said.
    
    "It's our belief that that the chances of sensitive information having
    been released was minimal," said Chief Kevin Green, head of the
    Information Management Division for the California Highway Patrol.
    
    Investigators think the hackers broke in to the server to use it to
    e-mail spam, not to collect information for identity theft, Green
    said. It happened sometime before Jan. 20, but Green would not say
    when.
    
    As a precaution, letters dated Feb. 11 warned household employers and
    employees of the breach and referred them to the state Office of
    Privacy Protection for help.
    
    There are no suspects, Green said.
    
    Callori said the EDD has never had such a breach, although it has
    happened at other agencies.
    
    In May 2002, investigators discovered that hackers had gained access
    to a state database that contained sensitive personal information on
    thousands of state workers.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Feb 17 2004 - 09:18:48 PST