Use of Proxy Sites Behind Leakage of Personal Information
Germany's Department of Financial Services found during the second week of March 2008 that some government employees used a substitute server to access their payroll data online. They exposed their private information putting the latter at risk of identity theft. The incident prompted recreating of passwords all over the state.
According to the DFS officials, a "proxy Website" behaves like a mirror onto the user's computer. It lets users to conduct searches on the Internet without leaving behind any clues. An employee desiring to reach a site such as MySpace or YouTube on a government computer might visit a proxy Website and then clicks for many other sites. However, since users are not aware about who might be watching their entries onto the proxy site their entries of information relating to sign-on and password might be intercepted.
But, officials at DFS said that it is not possible for anyone to hack into the accounting system of the state. Still, they don't know how to handle the data that employees entered on the proxy site. The security breach on the data required no computer or e-mail system, simply the payroll Website, where employees could view their W-4 forms and rest of the payment data.
Kevin Cate, Deputy Communications Director of the Department of Financial Services said on March 24, 2008 that instead of following the regular procedure on myfloridacfo.com site, some staff members had used the veryfastproxy.com site, as reported by News-Press on March 25, 2008.
Employees who accessed the payroll system had followed the steps in the proxies for a minimum of five times. This baffled supervisors, who could not determine the places those employees visited via their computer. Although there neither occurred any security breach nor incidents of identity seizure, still the DFS has mandated for a nation-wide re-crafting of passwords for employees who might access the state payroll system.
Kevin said that the department conducted an open investigation while stressing that merely personal information of the employees might be in danger without exposure of the system's entire data. Meanwhile, DFS has snapped its links from the services of all known proxies.
Related article: US Passes Baton to Asia in Spam Relay
» SPAMfighter News - 01-04-2008