An attacker, who hacked into the GovWin IQ system run by Virginia-based enterprise software and information solutions provider Deltek, compromised credentials and ultimately put information on roughly 80,000 customers at risk, including payment card data for about 25,000 of those individuals.
How many victims? About 80,000.
What type of personal information? GovWin IQ usernames and passwords, as well as payment card data for 25,000 customers.
What happened? A hacker took advantage of a vulnerability in Deltek’s GovWin IQ system and compromised the data.
What was the response? The vulnerability has been fixed. Deltek is cooperating with law enforcement, and has also brought on a cybersecurity firm to investigate the incident and make recommendations to prevent a similar incident from occurring. All impacted individuals are being notified, and those who had payment card data compromised are being offered credit monitoring services.
Details: Deltek discovered on March 13 that the attack had occurred. Security improvements to the GovWin IQ system, including a mandatory password change every 90 days, were implemented on Tuesday night.
Quote: “We have remedied the security vulnerability that we believe the hacker exploited in order to gain unauthorized access to our GovWin IQ system,” Mike Corkery, president and CEO of Deltek, said in the notification letter. “We have increased the overall security of GovWin IQ, including by reviewing and improving our data security procedures and changing our practices for handling personal information.”
Source: federalnewsradio.com, “Deltek suffers cyber attack putting 80,000 employees of vendors at risk,” April 9, 2014.