Hacker Steals Credit Card Data from State Web Site

A hacker appeared to have targeted the state government's Web site to record credit card numbers of 5,600 businesses and consumers, said the Indiana Office of Technology on February 9, 2007.

According to the state office of technology, the security breach occurred on January 25, 2007. The U.S. Secret Service is examining the case. It seems the hackers exploited a security flaw in the system. They gained access to 5,600 credit card numbers. Following this incident the state sent out notification letters on February 9, 2007 to affected people and business organizations.

The letter said the State had enforced the maximum degree of security and was conducting regular independent audits to make sure that all data was safe. Despite these measures there was a security breach to the State's Web site, wherein some credit card numbers were stolen. However, due to some earlier technical errors, those numbers were unencrypted and were not eliminated from the computer systems. The hacker therefore viewed the unencrypted numbers. The letter further said that experts had rectified the errors and put in additional measures for the strongest security possible.

Chris Cotterill of the Office of Technology assured that they were leaving no stone unturned to prevent such security violations happening again. The Indy Channel published Cotterill's statement on February 9, 2007.

He explained the state web site supplied about 300 online services and had been managing online transactions for nearly a decade. Some of the services are reserving a campsite, renewing professional licenses, receiving business information from the state office's secretary, and accepting reports from the Indiana State Police.

The numbers accessed belonged to people who conducted transactions on the State's web site in January 2007. These people were customers of Bureau of Motor Vehicle and hunters wanting to renew licenses.

To prevent any further breach, the state has adopted new methods of handling credit card numbers. The state has also notified the breach to the U.S. Secret Service and credit card companies. State officials have not recommended credit card holders to get their numbers changed, but to monitor their cards for any illegal transactions.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 2/19/2007