Content

Smallest state’s website cracked

Hackers have struck the Rhode Island state government website, stealing the credit card numbers of more than 4,000 people in a breach much larger than originally thought.

The hackers, who attacked one of www.RI.gov's portal servers on Dec. 28, also gained access to the partial credit card numbers of another 52,000 people, although those cardholders are not considered to be at risk of fraud, according to the site.

The Providence (R.I) Journal reported that the hackers are believed to be Russian because they boasted about the attacks on a Russian-language website.

So far, none of the stolen account information has been used inappropriately, although the site suggests all people who made credit card payments on the site between Dec. 31, 2004 and March 8, 2005 – the transaction dates affected by the breach – request credit monitoring.

Breach notification will be sent to the 4,117 cardholders whose full numbers were revealed to the hackers, the site said.

www.RI.gov – managed by New England Interactive on behalf of the state - said it learned of the incident on the day it occurred and promptly notified authorities and banks. However, last Thursday, officials again contacted those agencies to inform them the breach was larger than originally suspected.

Since the breach, the site has been "locked down" to prevent more intrusions, RI.gov said. Additionally, an outside security firm has been hired to analyze and test the site for further vulnerabilities. The portal no longer will contain full credit numbers.

Rhode Island residents can use the site to purchase renewals for their cars, buy marine and fishing licenses and register new businesses. As an audit continues, the site currently is not accepting credit card payments.

The incident, combined with the New Years Eve theft of 365,000 patient records from the car of an employee of Portland, Ore.-based Providence Home Services, presents a gloomy forecast for this year, security information firm SecurityFocus said Tuesday.

"The incidents suggest that 2006 will not be much different than 2005, which saw more than 50 million sensitive data records leaked by online breaches and stolen backup tapes," SecurityFocus said. MasterCard International and Bank of America were sources of two of the breaches.

In the Providence Home Services case, the information has not been used for identity theft, according to the health service provider's website.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.