Hacker Breaks Into Illinois’ State Department Server
In an investigation of a case of security breach that helped hijack sensitive information of 300,000 users in Illinois, the FBI suspects involvement of an external hacker.
A hacker invaded the network of computer systems at the Illinois Department of financial and Professional Regulation in January 2007 and managed to reach a server containing information on 1,200,000 people who are registered with licenses or have applied for the same at the department. Susan Hofer, the department's spokeswoman said in a statement that ITNews published on June 6, 2007.
According to Hofer, the server held confidential information including names, addresses and Social Security numbers of people who have or applied for loan related licenses or for real estate agent licenses. The server was also used to examine new software.
Since the discovery of the breach, the hacked server has been quarantined and all the connected systems were put through a thorough check for any probable security breach, the FBI said.
According to Hofer, the breach seems to have occurred in January 2007 though it was discovered only in May 3, 2007. After this the department reported it to the FBI. The agency asked the department not to disclose the breach publicly until they started the investigation. When on May 17, 2007 the FBI gave the OK signal, the department started to send notification letters to the affected people, Hofer said.
The security in the department's systems were so designed that anyone unfamiliar with it would not be able to match the names with the Social Security numbers stored in the data, Hofer explained. Although the server had a breach, an additional layer of firewall in it would have probably defeated the access to the information.
The department recommended verification of credit card statements of people who suspect any impact of the breach or identity fraud on their account details. The Web site of the state also suggests informing the bureaus receiving credit reports as well as filing reports with the police department whenever appropriate.
Related article: Hacker & Virus in MySpace
» SPAMfighter News - 18-06-2007