February 03, 2010

Hackers accesses Iowa Racing and Gaming Commission database

Hackers, believed to be from China, gained access to an Iowa government database, which contained the personal information of current and former employees of Iowa's casino and racing industries.

How many victims? 80,000.

What type of personal information? Names, Social Security numbers, home addresses and birth dates.  

What happened? Hackers gained entry to the state's computer system on Jan. 26 while the Iowa Communications Network, the state agency that administers Iowa's telecommunications network, was performing routine maintenance on a firewall.

Once inside, the intruders accessed a database of the Iowa Racing and Gaming Commission. It is unclear whether any personal information was downloaded.

The hackers were able to get into the database because a firewall on the commission's computer system had not been properly patched by a private contractor.

Ambient Consulting of Minneapolis maintains the commission's computer system and has said that a computer log indicated before the breach occurred that all appropriate software patches had been installed. In reality, they were not. The problem has since been fixed.

A forensic investigation revealed that China was the source of the hacking incident. State officials, however, are not certain of this because some hackers try to disguise their true country of origin by masking IP addresses.

Details: Most of the people in the database are Iowa residents but it also includes individuals from Illinois, Minnesota, Nebraska, South Dakota and Wisconsin, among other states.

The list includes workers such as card dealers, slot machine technicians, jockeys, trainers and owners of horses and greyhounds.

Quote: "There is nothing to show that even if all the patches had been installed, they still wouldn't have gotten in because they had already gotten through the state's firewall," said Robert Keller, chief technology officer, Ambient Consulting of Minneapolis.

What was the response? Ambient is working with Iowa officials to improve security. In addition, letters are being sent to affected individuals.

Source: DesMoinesRegister.com, The Des Moines Register, “Trail of Iowa computer hack points to China,” Feb. 2, 2010.
Previous Post
Next Post
Related Articles
Related Topics
Related Links
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.