Nebraska Workman's Comp. Hacked, Personal Info Jeopardized

From Journalstar:


The Nebraska State Patrol and FBI are trying to figure out who hacked into a Nebraska Workers' Compensation Court computer server -- and whether the hacker took personal information.
The state agency learned last week someone had broken into a server that temporarily held injury reports, said Glenn Morton, court administrator for the Workers' Compensation Court.
Personal information, including birth dates and Social Security numbers, would have been in the server, he said.
Whenever a worker has a job-related injury, a report is filed with the Workers' Compensation Court and the information temporarily stored on that server, Morton said.
"Because of the way that server was set up, we can identify which records were on that server on the dates in question," he said. "We don't know how many. Probably a few thousand. Certainly less than 5,000."
The breach likely occurred in early September, he said, and the server was vulnerable until it was shut down Nov. 9.
"All of our records and computer systems are behind a firewall maintained by (the state's) chief information officer, and they periodically monitor activity in the system," Morton said.
"They noticed that on this particular server there was heavy Internet traffic."
Morton said the patrol was called in the middle of last week when it became clear someone had accessed the server. The patrol is now working with the FBI to ascertain exactly who may have been affected by the breach in security.
Patrol spokeswoman Deb Collins would say only that the investigation is active and ongoing.
When names of people who might have been affected are available, Morton said, those people will be notified.
"We'll send a letter to every employee that was the subject of those records ... alerting them to the fact their records were potentially exposed and to take whatever precautions."
Those precautions include watching bank statements and checking credit reports, he said.
"We have no indication at all that any of the records on that server were actually taken, but there was access," Morton said.
He said he's hopeful whoever hacked into the system might have been more interested in using it as a pass-through to greater Internet access than in taking personal information.
If you were in the workers' comp system:
* File an initial fraud alert with Equifax, Experian and TransUnion credit bureaus; the alert lasts 90 days and lets all three credit agencies know you may be a victim.
* Request a credit report, which you can get for free after a fraud alert.
* Check your accounts so you have up-to-date information and can more easily identify unusual activity.
If you do notice unusual activity or charges:
* File a report with police.
* Close any accounts that have been tampered with.
* Initiate an extended fraud alert, good for seven years.
* Get a credit report

This is absolutely sickening. As some of you may know, my dad was (as a pedestrian) hit by a pickup truck 12 years ago. He has since filed many claims with Workman's Compensation. To find out that some of his credentials (including name, age, address, and social security number) may have been exploited is ridiculous. What's even more disgusting is that Morton (from article post above), seems to be pretty relaxed about the whole situation; saying that "probably a few thousand" records were stolen.

I'm infuriated to find that a very large organization such as this would leave their machines vulnerable to such an attack. Any, and every infrastructure that holds vital information should regularly be pin-tested for security vulnerabilities. Morton states that "All of our records and computer systems are behind a firewall maintained by (the state's) chief information officer, and they periodically monitor activity in the system." However, the organization should NOT be behind only ONE firewall. Any decently organized infrastructure should have multiple layers of security in place.

Another thing that bothers me about Morton's quote is that "They noticed that on this particular server there was heavy Internet traffic." See that? Noticed? You've got to be kidding me. This sounds to be one of their rather heavily used servers in terms of storing information, yet the only noticed that there was heavy internet traffic? Yeah, my elbow. There's clearly more going on here than meets the eye.

There are many things that anger me about this. I could write about this article for a couple of hours, but nobody wants to read that. Have a comment? Leave a comment below or email me.

~Dave