California server hacked; employment data at risk

[InfoSec News <isn () c4i org>]

http://www.usatoday.com/tech/news/computersecurity/2004-02-13-calif-spam-hack_x.htm

2/13/2004 

SACRAMENTO (AP) - Hackers broke into a state agency's server
containing the sensitive personal information of tens of thousands of
people who work as nannies, butlers, and gardeners, and those who
employ them.

Evidence of a computer break-in at the Employment Development
Department was discovered Jan. 20 during a routine check and
immediately shut down the server that holds information on household
workers and their employers, spokesman Kevin Callori said Friday.

The server houses information on about 90,000 people.

The hackers gained access to employee's names, Social Security numbers
and wage records, and some employers' Social Security numbers, Callori
said.

"It's our belief that that the chances of sensitive information having
been released was minimal," said Chief Kevin Green, head of the
Information Management Division for the California Highway Patrol.

Investigators think the hackers broke in to the server to use it to
e-mail spam, not to collect information for identity theft, Green
said. It happened sometime before Jan. 20, but Green would not say
when.

As a precaution, letters dated Feb. 11 warned household employers and
employees of the breach and referred them to the state Office of
Privacy Protection for help.

There are no suspects, Green said.

Callori said the EDD has never had such a breach, although it has
happened at other agencies.

In May 2002, investigators discovered that hackers had gained access
to a state database that contained sensitive personal information on
thousands of state workers.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.