http://www.timesargus.com/apps/pbcs.dll/article?AID=/20060128/NEWS/601280319/1003/NEWS02 By Ray Henry Associated Press January 28, 2006 PROVIDENCE, R.I. - Thousands of credit card numbers were stolen from a state government Web site that allows residents to register their cars and buy state permits, authorities said Friday. New England Interactive, the company that runs the Web site, also manages Web sites for state governments in other states, spokeswoman Renee Loring said. On Friday morning it listed Vermont, Maine and New Hampshire as clients. Loring said its other state Web sites were not affected. The private company that runs RI.gov told the state this week that 4,118 credit card numbers had probably been taken, a state official said. All online transactions were suspended Friday until any possible security problems could be fixed, and the state planned to notify cardholders of the breach, said Beverly Najarian, director of the Department of Administration. No fraudulent purchases had been reported so far, Najarian said. NEI said using the stolen information to make a fraudulent purchase would be difficult. The site's system only records partial credit card numbers, Loring said. The breach on Dec. 28 was detected during a routine security audit and reported to the state government the following day, Loring said. At the time, the company believed only eight credit cardholders were affected, she said. But soon after, an outside security firm discovered a Web site in Russian listing the names and partial credit card numbers of several residents, Najarian said. The site, purportedly written by a university student, claimed he overslept class, found Rhode Island's Web site and hacked into it. The posting details how he was able to hack the site. The purported hacker said he obtained 53,000 credit card numbers. Loring said the total was much smaller, but would not put an exact number on the amount, estimating it was in the thousands. She said she did not know when NEI realized that breach was greater than first believed. Steven O'Donnell, spokesman for the Rhode Island State Police, said a computer crimes team was investigating the case. NEI tightened security, Loring said, although she declined to describe the measures. She said the Web site is "absolutely safe" and the intrusion was reported to financial institutions. The state did not tell consumers about the breach in December because the hacking appeared limited, Najarian said. Jeff Neal, a spokesman for Gov. Don Carcieri, said NEI's contract to run the state's Web site expires this summer and the governor's office plans a review before deciding whether to extend it. Officials at Vermont's Department of Information and Innovation did not immediately return a call for comment. Erin Hutchins, who manages the Maine government's site, said there have been no reports of hacking. New Hampshire Fish and Game Department spokeswoman Liza Poinier said New England Interactive hasn't handled the transactions on its Web site for about 18 months. The Rhode Island Web site allows residents to complete dozens of transactions online. --- On the Net: Rhode Island state Web site: http://www.ri.gov New England Interactive: http://www.neinetwork.com Maine state Web site: http://www.maine.gov New Hampshire Fish and Game: http://www.nhfishandgame.com _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Jan 29 2006 - 22:37:13 PST