BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

KY. data breach affects 2,500

From: security curmudgeon <jericho () attrition org>
Date: Sat, 29 Sep 2012 22:51:47 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clinical-innovation.com/index.php?option=com_articles&view=article&id=35217:ky-data-breach-affects-2500

By Editorial Staff
Clinical-Innovation.com
September 20, 2012

The Cabinet for Health and Family Services is informing approximately 
2,500 clients by letter of a possible employee email account breach that 
may have resulted in the unintentional release of information held by the 
Cabinet?s Department for Community Based Services (DCBS).

According to a statement posted on the Frankfort, Ky.-based organization?s 
website, in July, a DCBS employee responded to a ?phishing? email sent by 
a hacker. Unauthorized activity on the account was identified within a 
half hour and the account was immediately disabled. There is no evidence 
that the confidential contents of the email account were accessed or 
viewed, but the hacker did have access to the email account for a brief 
period. Data about the individuals being notified was included in the 
National Youth Transition Database monitoring those in the process of or 
who have recently aged out of the foster care system.

?In all likelihood, the hacker intended to access the state government 
email server to send spam emails and did not access or view client 
information,? said Rodney Murphy, executive director of the Office of 
Administrative and Technology Services.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: