follow-up: FBI expects Va. hacker probe to take two more weeks

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.timesdispatch.com/rtd/news/local/article/HACKGATER12_20090512-180002/267283/

By Tyler Whitley
Richmond Times-Dispatch
May 12, 2009

The FBI has not discovered the hacker who broke into the Department of 
Health Profession's computer, nor has it discovered what private 
information was retrieved, Virginia's Secretary of Health and Human 
Resources Marilyn B. Tavenner said today.

Questioned intensely by members of the House Appropriations Committee, 
Tavenner said the FBI thought it would take another two weeks to complete 
its investigation.

"They said it was like looking for a needle in the haystack, but they have 
ways to find the needle," she said.

Someone broke into the Department's database of addictive prescription 
drugs, such as oxycontin, morphine and Methadone. The data are kept to 
monitor who is using the drugs. The user's name and address, the date of 
birth and the substance are in the database.

The department recognized an unauthorized message posted on the Web site 
on April 30. The computer systems were shut down and state authorities 
were notified. All data had been properly backed up and back up files had 
been secured, Tavenner said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php