Aetna Faces Website Hacking

Connecticut (USA) based health insurance firm Aetna Inc., discovered that its recruitment website was hacked, officials state.

The affected site stored HR-related e-mails consisting of names, Social Security numbers, e-mail addresses and other personal information belonging to nearly 450,000 people whom the company had offered employment, however, Aetna reported, till now it seems that just the e-mail addresses of the applicants have been stolen.

Said the firm that it became aware of the breach during early May, 2009 when complaints arrived from the applicants that phishing e-mails were coming into their inboxes. These e-mails falsely informed the recipients that they were recruited for a job for which they were required to provide some personal information.

However, as a measure of precaution, Aetna immediately took the compromised Internet site offline and put it under investigation. The company, meanwhile, has posted an alert on its key site http://www.aetna.com, informing consumers of fraudulent e-mails purporting to be from Aetna but really being from someone else.

In addition, Aetna has got in touch with 65,000 existing and previous employees who might have been affected due to a possible compromise of their Social Security numbers during the security breach. The health insurer has also offered a year's free credit monitoring to these employees.

Moreover, Aetna has hired the services of an external company for a detailed forensic examination of the attacked site, but the method of the breach remained undetermined.

Spokeswoman Cynthia Michener for Aetna reported that e-mails were accessed during the hack, although it is not known if the hackers had managed to get the Social Security numbers or other critical information. Timesoftheinternet reported this on May 28, 2009.

Ms. Michener further said that a few of the e-mail addresses that the cyber criminals captured were picked up from the affected site so that the criminals could use them to follow the job applicants.

State the security specialists that websites nowadays are being increasingly hacked to launch phishing attacks. Recently when hackers attacked Facebook, they compromised users' accounts and sent out to the latter's friends, phishing links that led to a fake login page for Facebook.

» SPAMfighter News - 6/4/2009