[ISN] State computer security breached

From: InfoSec News (alerts@private)
Date: Sun May 20 2007 - 23:27:02 PDT


http://www.sj-r.com/sections/news/stories/114739.asp

By Mike Ramsey
GATEHOUSE NEWS SERVICE
May 19, 2007

CHICAGO - The state's professional-regulation department is notifying 
roughly 300,000 licensees and applicants that a computer server with 
some of their personal data was breached early this year, a spokeswoman 
for the agency said Friday.

Potentially at risk for identity theft are banking and real-estate 
professionals whose licensing information - including addresses, tax 
numbers and Social Security numbers - was kept on the storage server, 
said Sue Hofer, spokeswoman for the Illinois Department of Financial and 
Professional Regulation.

The individuals will receive letters advising them how to monitor their 
credit histories to determine if they have been victimized, she said, 
adding that it will take about a week to get all the letters out.

"We are doing everything we can to help the licensees protect 
themselves," Hofer said.

She said investigators have determined that the breach "looks like 
criminal conduct," and the hacking appears to have come from a source 
outside state government.

Department officials notified the Illinois State Police and FBI after 
they determined on May 3 that the computerized information had been 
compromised, probably in January, Hofer said.

She said authorities initially asked Gov. Rod Blagojevich's 
administration not to tell licensees about the breach so that the 
investigation would not be compromised. The administration also did not 
immediately inform members of the General Assembly at the request of 
authorities, Hofer said.

Spokespeople for the state police and FBI could not be reached Friday 
afternoon for comment.

Hofer said the information about the banking and real-estate licensees 
was six to 12 months old. She said the breached server did not contain 
credit-card information.

The suspected hacking of the state records follows several high-profile 
thefts of databases. Last month, two laptop computers containing 
information about 40,000 employees were stolen from Chicago Public 
Schools headquarters. Discount retailer T.J. Maxx disclosed earlier this 
year that credit-card data of customers had been compromised.

State law is somewhat open-ended about how soon a public or private body 
must notify individuals when their personal data has been stolen, said 
Deborah Hagan, the chief of consumer protection for Illinois Attorney 
General Lisa Madigan.

The law allows investigators to delay disclosure, she said.

"I think there has to be a balance in terms of getting this information 
out to affected persons as quickly as possible ... versus not 
interfering with an investigation which may result in catching the 
perpetrator," Hagan said.

Madigan's office offers instructions on combating identity theft at this 
Web address: www.illinoisattorneygeneral.gov/consumers/hotline.html. 
Consumers can also call a hot line - (888) 999-5630 - during business 
hours.

The state Department of Financial and Professional Regulation has 
information about the breach at www.idfpr.com.

The 300,000 licensees affected by the incident include mortgage brokers, 
pawn-shop operators and real-estate agents, Hofer said. Her agency 
licenses a total of 1.2 million professionals in Illinois, she said.

