May 18, 2011 By News Staff
Thousands of Massachusetts residents may have had their personal information stolen in a data breach disclosed Tuesday, May 17, by the state’s labor office.
The W32.QAKBOT worm may have infected as many as 1,500 computers in the departments of Unemployment Assistance and Career Services, including in the state’s One-Stop Career Centers.
Confidential information that may have been stolen includes Social Security numbers, Employer Identification Numbers, e-mail addresses and residential or business addresses. Bank information may also have been taken.
There is no way to tell exactly how many claimants had their personal information compromised, “but any claimant who had their [unemployment insurance] file manually accessed could be affected,” according to the Executive Office of Labor and Workforce Development.
The labor office detected the virus on April 20, but learned on Tuesday that it was still active and had not been eliminated as first believed. The office worked with its security vendor, Symantec, to shut down the system and contain the virus.
The 1,200 businesses in the state that manually file their quarterly statements might also have had information transmitted through the virus. “For a claimant to have been impacted, a staff person would have had to key in sensitive information at an infected workstation,” the labor office said.
Joanne F. Goldstein, secretary of Labor and Workforce Development, apologized for the breach and said the impacted businesses and citizens were being notified that their information may have been compromised.
Discovered in 2009, W32.QAKBOT is a worm that steals personal information and spreads through website vulnerabilities and malicious links, according to Symantec.
You may use or reference this story with attribution and a link to http://www.govtech.com/security/Massachusetts-Unemployment-Insurance-Data-Breach.html
Isn't it just lovely how nonchalant all of these apologies sound from these ill-prepared, ill-equipped 'data storage houses' when informing compromised parties. There's almost an air of "You should appreciate that we even let you know". The lack of accountability is sickening. I'd imagine they'll offer 0 assistance to those affected who are scrambling to get accounts closed, numbers changed, passwords changed, etc. Shameful!
Scrambling to get social security numbers changed... can't do that...
"Discovered in 2009" !?!?!?! And Symantec didn't prevent the infection in 2011? Something is wrong here.
Sorgfelt is right! Any anti-virus software worth their salt should not allow a worm discovered two years ago to get by the detection and prevention capabilities built into their product. If the IT folks at the Massachusetts Department(?) of Labor and Workforce Development properly installed and configured the software, Symantec should foot the expense of this breach.
Wow this is scary! So is this why I was prompted to call the authentication unit when I tried filing my weekly telecert for unemployment by phone? I hope none of us were compromised!