BreachExchange mailing list archives
Cumberland investigates website security breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 17 Jan 2013 13:42:04 -0500
http://www.wcsh6.com/news/article/227927/314/Cumberland-investigates-website-security-breach CUMBERLAND, Maine (NEWS CENTER) -- The town of Cumberland is trying to figure out how a 2008 document with the names and social security numbers of 275 employees was uploaded to the town's website. That document has since been taken down and removed from the caches of all search engines. The good news is, none of the employees who are affected appear to have had their identities stolen. And the town is giving all of them 3 months of free credit monitoring so any problems will be picked up on quickly. But this is still pretty scary to those impacted because there's a lot the town doesn't know right now. Winthrop EMS Chief John Dovinsky, who used to do paramedic work for Cumberland said, "It's certainly concerning. If you consider the fact that the business that we're in, we're very careful to safeguard people's information. You always expect that your employer is going to do the same, safeguard your information." This all came to light because an employee decided to Google himself last week. Up popped a link to a 2008 quarterly spreadsheet that Cumberland submits to the Maine Department of Labor for unemployment purposes. That spreadsheet, which was posted to the town's website, includes names and social security numbers. The employee called Town Manager Bill Shane, who says he immediately got his IT team and security companies working on scrubbing this document from the web. It's no easy feat, as search engines cache web pages on a regular basis. Shane says he's confident that document cannot be accessed online now, but the town is still trying to figure out how it got there, and how long it's been there. The town switched web hosts in 2011 and knows the document has been online at least that long. In the meantime, 5 managers are now going to be notified every time a document is uploaded to the town's website, so they can make sure it's supposed to be there. Shane said, "It's unsettling. It's very unsettling. It's disappointing and hopefully we'll find out how so we can prevent it for the future." Shane is among those whose information was compromised. He says he expects the IT and security teams working on this will have a report by mid-February with more information, which he will then share with the affected employees. The town is offering 3 months of credit checks because they've learned that most people who steal identities use the information within a month of the theft. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Cumberland investigates website security breach Erica Absetz (Jan 17)