SRA Suffers Virus Attack Leading to Potential Data Loss
SRA International, a government contractor providing privacy and cyber security services, has issued a warning to its staff members that their private information might have been hacked by cyber criminals following the installation of a computer virus on the agency's network.
The virus might have enabled the hackers to access data stored on SRA computers, including names of employees, their birth dates, addresses, healthcare information and social security numbers, notified the company via a posting on the website of Maryland Attorney General.
Security experts also said that hackers might have succeeded in gaining access to SRA database it gathers via questionnaires for recruiting security employees.
The notification also outlined that the virus apparently evaded the antivirus software of the company. Consequently, SRA has been coordinating with its security agency to enhance its detection of the malicious software. It is also probing the breach in cooperation with the US law enforcement agents and the federal government, SRA stated.
Moreover, the notification said that SRA had reported the findings to antivirus vendor to help it update the virus detection definitions. Moreover, the company believes that the security breach might have affected other organizations apart from SRA.
Meanwhile, SRA is refraining from specifying the federal agencies that have been affected due to the breach. However, through its filings in the US Securities and Exchange Commission, the company lists the names of intelligence agencies and other agencies like the US Department of Homeland Security, the US National Guard, and the US Department of Defense as those clients that are affected.
Further, although the company investigators are not sure whether data has been leaked or not, they think it is appropriate to alert its employees of the potential theft. After learning about the breach, SRA started informing all its employees and clients, said Sheila Blackwell, Company Spokeswoman, as reported by ITworld on February 3, 2009.
The reports said that the company has created a separate page about the incident on its portal along with establishing an e-mail ID where affected people could send their queries. Also, the reports indicate that employees would be getting free services of credit monitoring.
Related article: Share of Russian Spam on Internet Increased in October 2008
» SPAMfighter News - 18-02-2009