BreachExchange mailing list archives
Warnings issued after possible security breach
From: kirniki <kirniki () gmail com>
Date: Fri, 11 Dec 2009 21:23:17 -0500
http://minnesota.publicradio.org/display/web/2009/12/11/security-breach/ St. Paul, Minn. — The state of Minnesota has directed all of its agencies to stop using a Texas company state officials hired to verify the identities of new employees. A state official told MPR News that it is notifying some 500 employees that their personal data -- including names, dates of birth and Social Security numbers -- may have been accessible on the company's Web site. For more than three months, state agencies have used Lookout Services of Bellaire, Texas, to verify that new hires are authorized to work in the United States. The state had paid the company $1.50 a name to run employee data through the federal Department of Homeland Security's E-Verify program, which confirms that a worker has legal status and a valid Social Security number. This week, Minnesota Public Radio was able to access state employee data on Lookout Services' Web site without using a password or encryption software. Employee names, birth dates, Social Security numbers and hire dates were visible on the Web site for every state agency using the service.\ [..] Lookout Services confirmed an earlier security breach occurred in October. CEO Elaine Morley said that breach occurred because a Lookout Services employee had used a Web address at an online education seminar that gave access to real data. Company attorney David Person said its officials plugged "the hole" after that incident but did not alert clients whose employees' data might have been viewed. "As far as I know, [the company] was investigating how they got in," Person said. Lookout Services did not inform the Department of Homeland Security about the lapse because it did not have to. [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Warnings issued after possible security breach kirniki (Dec 11)
- <Possible follow-ups>
- Warnings issued after possible security breach kirniki (Dec 11)