http://www.journalstar.com/articles/2006/06/29/local/doc44a3fa6c4f795799631319.txt By NATE JENKINS Lincoln Journal Star June 30, 2006 Personal and financial information of more than 300,000 people may be in the hands of a hacker following a Wednesday break-in of the state computer system that processes child-support payments. A preliminary investigation of the incident suggests that the hacker did not download the information, said State Treasurer Ron Ross. But the possibility does exist. "Based upon the method of attack, it is more likely the hacker's intent was not to steal information, but rather to do something malicious since the hacker inserted a virus onto the server, which we immediately removed," Ross said. The child-support payment system was centralized in the treasurer's office five years ago and now processes $1 million in transactions daily. Identity information potentially stolen by the hacker, which investigators believe may be based outside the U.S. and possibly in Asia, includes: names, addresses, bank account numbers, social security numbers and tax identification numbers. Roughly 300,000 individuals and 9,000 employers may be affected. Ross said it was the first time the computer system, called KidCare, had been hacked. He was not aware of similar security breaches in other states. The break-in, which Ross said lasted about 40 minutes, was detected by an employee after coming to work Wednesday morning. The system is not monitored 24 hours a day by a person. The State Patrol has initiated a full investigation that could include help from the FBI and other agencies. Ross pledged to "get to the bottom of it" and implement new safeguards to prevent future break-ins. But that won't likely include round-the-clock monitoring of the system by a person. "I don't think we're at a point in government we want somebody standing by a computer screen 24-7, but we do need protocols in place," Ross said. "We thought we had good safeguards...somebody got in a door we didn't think they'd be able to get into." The hard drive and server affected by the breach were immediately replaced. Unlike many arms of state government, the child-support system is not part of the state's centrally controlled computer system, said Brenda Decker, chief information officer for the state. The incident will prompt state officials to take a closer look at whether it should be. "We're working with the State Patrol to see if we can make this as secure and hardened as the rest of the system," Decker said. Asked during a press conference if the child-support system had the best available security system, Ross said he believed it did. Those who pay or receive child-support should closely monitor their bank accounts, and are advised to close them if the see suspicious activity. © 2002-2006, Lincoln Journal Star. All rights reserved. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Fri Jun 30 2006 - 09:44:17 PDT