Posts Tagged ‘hacked’

Who Breached: Virgina Prescription Monitoring Program

Number Affected: 8 million +

Information breached: Prescription records

How: hacker

This isn’t an April Fool’s Joke, though it may seem like it. Hackers allegedly broke into a Virginia state website used by pharmacists to track prescription drug abuse. The hackers then deleted records on more than 8 million patients and 35 million prescription records.

Not satisfied just with the data, the alleged hackers replaced the site’s homepage with a ransom note demanding $10 million for the return of the records. The site is now completely unavailable (the state shut down access after they detected the breach), though the message was recorded.

“I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.”

Director of Virginia’s Department of Health Professions, Sandra Whitley Ryals, declined to discuss the reported hack, saying [PDF] only that an investigation is underway by federal and state authorities. She said that they are working with experts to restore systems and ensure they’re safe. The Virginia Department of Health Professions says that all data has been backed up and those files remain secure. There is no word yet if affected patients will be contacted about this breach.

Via consumerist, washington post, computerworld

Monster.com posted on January 23rd that their database had been hacked, this being the third time the company has experienced a breach of this sort.

The breached data includes contact information such as email addresses, phone numbers and usernames/passwords, but does not include personal data such as Social Security Numbers or financial data, as that is not data collected by the company. The breach affects USAJobs.gov (official job site for the US Federal Government) as well as Monster.com.

Despite the fact that SSNs and financial data was not breached, consumers should still be concerned about their lost data. Email addresses and other personal information can be used in various identity theft scams as a means to gain higher-level personal data. If consumers use the same access username & password for banking services, which is all too common (41% user the same password for everything, via Sophos), this information can be used directly in fraud or identity theft.

Here’s an opinion video from Sophos about the Monser.com breach and why it’s important:

In August 2007 Monster.com experienced a data breach that affected 1.3 million people, who then were targeted by phishers, and in October of the same year another a hacker hijacked job listings to infect visitors with malware.

Monster.com recommends that its users change their passwords (making it mandatory on the site), with a warning to not fall prey to phishing attacks based on that premise. Monster.com will not be contacting consumers about this breach, by email or by mail.

For tips about choosing a strong password, read here or here.

Via I’ve been mugged

The Financial Times reports that Chinese hackers penetrated the White House computer network on multiple occasions, obtaining emails between government officials. On each hacking incident, the cyber criminals were able to steal information before the White House security systems and professionals could patch the security holes.

The new insight comes on the heels of another report that the presidential campaigns of Barack Obama and John McCain were hacked over the summer. The FBI and Secret Service revealed to each Obama and McCain that large amounts of files had been stolen as related to policy positions – information that may be useful in future negotiations with the U.S. administration. The hack came from a “foreign entity”, either Russian or Chinese.

Subsequent reports indicated that the attacks on the Obama and McCain systems came from China, and that other cyber attacks have been made on the White House from the same source. E-mail archives were attacked several times in recent months, a constant “cat and mouse” game with defenses going up each time a new attack was detected.

It is difficult to trace the exact source of the attacks. It is reported that, as far as the White House attacks go, only the unclassified network was breached. That doesn’t mean the information was not valuable or sensitive, nor that classified information was not present.

Also in Government related news:

• Google shares health searches with government (CNet)
• Inmate hacked prison network, broke into employee database (Register)
• Hackers buy their way into Obama search results, seed malware (Times Online)
• FTC grants delay in enforcement of ‘red flags’ identity theft program (TFC)
• IRS rolls out system with known security issues [PDF] (.Gov)
• Nevada, Massachusetts roll out new data privacy laws (WSJ)

For more information on Absolute’s services for the Government sector, read here.

Via CNet image: barackobama.com