BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Warnings issued after possible security breach

From: kirniki <kirniki () gmail com>
Date: Fri, 11 Dec 2009 21:23:17 -0500
http://minnesota.publicradio.org/display/web/2009/12/11/security-breach/

St. Paul, Minn. — The state of Minnesota has directed all of its
agencies to stop using a Texas company state officials hired to verify
the identities of new employees.

A state official told MPR News that it is notifying some 500 employees
that their personal data -- including names, dates of birth and Social
Security numbers -- may have been accessible on the company's Web
site.

For more than three months, state agencies have used Lookout Services
of Bellaire, Texas, to verify that new hires are authorized to work in
the United States. The state had paid the company $1.50 a name to run
employee data through the federal Department of Homeland Security's
E-Verify program, which confirms that a worker has legal status and a
valid Social Security number.

This week, Minnesota Public Radio was able to access state employee
data on Lookout Services' Web site without using a password or
encryption software. Employee names, birth dates, Social Security
numbers and hire dates were visible on the Web site for every state
agency using the service.\
[..]

Lookout Services confirmed an earlier security breach occurred in
October. CEO Elaine Morley said that breach occurred because a Lookout
Services employee had used a Web address at an online education
seminar that gave access to real data.

Company attorney David Person said its officials plugged "the hole"
after that incident but did not alert clients whose employees' data
might have been viewed.

"As far as I know, [the company] was investigating how they got in,"
Person said.

Lookout Services did not inform the Department of Homeland Security
about the lapse because it did not have to.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: