Breach, Data Security, Vulnerability Management

Hackers accesses Iowa Racing and Gaming Commission database

Hackers, believed to be from China, gained access to an Iowa government database, which contained the personal information of current and former employees of Iowa's casino and racing industries.

How many victims? 80,000.

What type of personal information? Names, Social Security numbers, home addresses and birth dates.  

What happened? Hackers gained entry to the state's computer system on Jan. 26 while the Iowa Communications Network, the state agency that administers Iowa's telecommunications network, was performing routine maintenance on a firewall.

Once inside, the intruders accessed a database of the Iowa Racing and Gaming Commission. It is unclear whether any personal information was downloaded.

The hackers were able to get into the database because a firewall on the commission's computer system had not been properly patched by a private contractor.

Ambient Consulting of Minneapolis maintains the commission's computer system and has said that a computer log indicated before the breach occurred that all appropriate software patches had been installed. In reality, they were not. The problem has since been fixed.

A forensic investigation revealed that China was the source of the hacking incident. State officials, however, are not certain of this because some hackers try to disguise their true country of origin by masking IP addresses.

Details: Most of the people in the database are Iowa residents but it also includes individuals from Illinois, Minnesota, Nebraska, South Dakota and Wisconsin, among other states.

The list includes workers such as card dealers, slot machine technicians, jockeys, trainers and owners of horses and greyhounds.

Quote: "There is nothing to show that even if all the patches had been installed, they still wouldn't have gotten in because they had already gotten through the state's firewall," said Robert Keller, chief technology officer, Ambient Consulting of Minneapolis.

What was the response? Ambient is working with Iowa officials to improve security. In addition, letters are being sent to affected individuals.

Source: DesMoinesRegister.com, The Des Moines Register, “Trail of Iowa computer hack points to China,” Feb. 2, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.