KY. data breach affects 2,500

[InfoSec News <alerts () infosecnews org>]

http://www.clinical-innovation.com/index.php?option=com_articles&view=article&id=35217:ky-data-breach-affects-2500

By Editorial Staff
Clinical-Innovation.com
September 20, 2012

The Cabinet for Health and Family Services is informing approximately 
2,500 clients by letter of a possible employee email account breach that 
may have resulted in the unintentional release of information held by 
the Cabinet’s Department for Community Based Services (DCBS).

According to a statement posted on the Frankfort, Ky.-based 
organization’s website, in July, a DCBS employee responded to a 
“phishing” email sent by a hacker. Unauthorized activity on the account 
was identified within a half hour and the account was immediately 
disabled. There is no evidence that the confidential contents of the 
email account were accessed or viewed, but the hacker did have access to 
the email account for a brief period. Data about the individuals being 
notified was included in the National Youth Transition Database 
monitoring those in the process of or who have recently aged out of the 
foster care system.

“In all likelihood, the hacker intended to access the state government 
email server to send spam emails and did not access or view client 
information,” said Rodney Murphy, executive director of the Office of 
Administrative and Technology Services.

[...]

--
ExpandingSecurity.com Live OnLine classes won’t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
ISSAP info signup: 
http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/