The W32.QAKBOT worm may have infected as many as 1,500 computers in the departments of Unemployment Assistance and Career Services, including in the state’s One-Stop Career Centers.
Confidential information that may have been stolen includes Social Security numbers, Employer Identification Numbers, e-mail addresses and residential or business addresses. Bank information may also have been taken.
There is no way to tell exactly how many claimants had their personal information compromised, “but any claimant who had their [unemployment insurance] file manually accessed could be affected,” according to the Executive Office of Labor and Workforce Development.
The labor office discovered the presence of the virus April 20, but discovered on Tuesday that the virus was still active and hadn’t been immediately eliminated as first believed. The office worked with its security vendor, Symantec, to shut down the system and contain the virus.
The 1,200 businesses in the state that manually file their quarterly statements might also have had information transmitted through the virus. “For a claimant to have been impacted, a staff person would have had to key in sensitive information at an infected workstation,” the labor office said.
Joanne F. Goldstein, secretary of Labor and Workforce Development, apologized for the breach and said the impacted businesses and citizens were being notified that their information may have been compromised.
Discovered in 2009, W32.QAKBOT is a worm that steals personal information and spreads through website vulnerabilities and malicious links, according to Symantec.
