BreachExchange mailing list archives
County computer security breach traced to Europe
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 24 Apr 2013 10:26:26 -0400
http://globegazette.com/news/local/county-computer-security-breach-traced-to-europe/article_705bb77e-ac86-11e2-a767-001a4bcf887a.html MASON CITY — Cerro Gordo County supervisors learned Tuesday a security breach of the county computer system was caused by someone with a European IP address. County Treasurer Pat Wright said the breach appears to have affected just one county computer, which was targeted by the hacker. “It was a one-in-a-million hit,” said Wright. The incident occurred in February and was first thought to have originated with Shazam, a financial clearinghouse used by the county and other governments for transactions involving millions of dollars. No theft occurred but county officials said it was possible the hacker gained access to county employees’ personal information since many have their paychecks direct-deposited. The county hired McGladrey & Pullen to perform a review analysis and forensic services on an additional county computer and will continue to monitor the county network, said Wright. “We’ve been told our firewall was effective and we will continue to review our security measures,” she said. Wright said the FBI has possession of the computer but declined any further comment so as not to hinder an ongoing investigation. She said the county is working with McGladrey and various authorities to make sure no further problems occur. After the breach was discovered, the county also hired TrustedID of Palo Alto, Calif., to help individual employees guard against possible identity theft. The county is picking up the cost, which is $93.75 per employee. County Administrative Officer Tom Drzycimski told supervisors Tuesday 62 employees have signed up, about one-fourth of the work force. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- County computer security breach traced to Europe Erica Absetz (Apr 24)