State agency warns of security breach

By Ina Fried
Posted on ZDNet News: Feb 13, 2004 6:06:00 PM

Some California workers may have had their salaries and other personal information compromised after someone gained unauthorized access to a state agency's computer.

The California Employment Development Department has begun warning some current and former household workers that their information may have been accessed by an intruder, CNET News.com has learned. The agency sent a letter, dated Feb. 11, notifying people of the breach and offering information about how to reduce the risk of identity theft.

Approximately 55,000 employees were affected, EDD spokesman Kevin Callori said in an interview. The agency said the database in question contained names, Social Security numbers and wages.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

"At this time we do not know the intent of the intruder or whether your personal information was accessed," Dale Morgan, chief information security officer of the EDD, said in the letter, which was obtained by CNET News.com.

"An internal EDD review of the incident found that a source outside of EDD gained access to a computer system containing personal information about you," he added.

Morgan said that the unauthorized access is being investigated by the computer crimes unit of the California Highway Patrol.

"The EDD regrets that this incident occurred and assures you that we are working with law enforcement to protect against further incidents of this kind," the letter said.

Callori said that the breach, which was detected on Jan. 20, was limited to a single server containing information about household workers.

"There is no evidence they accessed personal information," he said. "Apparently, they were using the server to send out spam."

However, because investigators could not rule out the possibility the information was accessed, the agency needed to notify people, he said.

California implemented a law last year requiring businesses and government agencies to reveal if a database containing private information has been compromised.

The server in question, Callori said, was a Compaq Alpha server running Unix, while most other EDD servers run Microsoft's Windows operating system. "Apparently this is a nonstandard (server) unique to this application," he said.

In December, portions of the LocatePlus database used by law enforcement and credit agencies was briefly made accessible via the Internet.

Identity theft has been a growing concern in recent years, with analyst firm Gartner estimating last year that 3.4 percent of Americans--or more than 7 million people--had their personal information compromised within the past 12 months.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 28 Talkback(s)

Thread View
Flat View

greater marketshare, less exploits: Unix/Linux servers are a lot greater number in production than
those of m$. even once in a blue moon you m$ shills get to
gloat. but if you want to keep score, m$ still dominates in the
ar... (Read the rest); Posted by: stephen732@yahoo.com Posted on: 02/16/04 You are currently: Logged In as: a Guest | Login | Terms of Use

Very interesting! ShadeTree | 02/13/04

NON Windows?? James Schroer | 02/13/04

Nice Try! ShadeTree | 02/13/04

greater marketshare, less exploits stephen732@... | 02/16/04

HAving a hard time reading? No_Ax_to_Grind | 02/13/04

Here'scut and paste from the article John Zern | 02/15/04

Re: Very interesting! issthatso | 02/13/04

Not where the server sat... Confused by religion | 02/13/04

Milly, can you confirm that it was Unisys OS 2200? No_Ax_to_Grind | 02/13/04

Sorry - no... Confused by religion | 02/13/04

Did you read the article? ShadeTree | 02/13/04

What else is available? No_Ax_to_Grind | 02/13/04

Poor bitty wants to flame Linux so bad it hurts. zd-spam | 02/13/04

Shadetree, looks like it was... No_Ax_to_Grind | 02/13/04

Well that shoots down another hacking theory shallow_diver | 02/13/04

Shady Bit Milly Axe Don Rembrandt Pussyhorse | 02/13/04

Surely you jest vferrara | 02/13/04

You have to understand this posters mentality. No_Ax_to_Grind | 02/13/04

Who knows... vferrara | 02/13/04

We're all the same person rapson | 02/13/04

My right foot itches, would you scratch it please. No_Ax_to_Grind | 02/16/04

Somewhat disingenous aren't you. ShadeTree | 02/13/04

Who knows... vferrara | 02/13/04

Oops.... vferrara | 02/13/04

Information Liberalisation ParadigmOdyssey | 02/13/04

Maybe all of you missed it. JoeMama_z | 02/15/04

They were using 'Open Source' and it was BREACHED! idnew2005@... | 02/16/04

Linux has been breached-WHAT really happened idnew2005@... | 02/16/04

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

Visit the ZDNet Enterprise Mobility Hub sponsored by Verizon Wireless! It has the latest news, commentary, and resources for your mobile and wireless strategy development.
Video: How to spoof a MAC address
Five steps to protect mobile devices anywhere, anytime
Fetch Your E-Mail from Anywhere
From our sponsors
Push to Talk from Verizon Wireless Choose Verizon Wireless and get a Push to Talk service you can rely on. The only service that comes with the Network. Starting at $699.