Weekly Breach Roundup
Federal Pension Plan Hacked; University Breach Affects 650,000In this week's breach roundup, a retirement savings plan for federal employees was hacked. Also, the University of Nebraska experienced a breach that affected 650,000 students and others.
See Also: OnDemand | Realities of Choosing a Response Provider
Pension Hack Exposed 123,000 Accounts
A sophisticated cyberattack last summer aimed at a computer linked to the Federal Retirement Thrift Investment Board's Thrift Savings Plan is believed to have exposed personal information about as many as 123,000 pension participants.
David Land, an IT security expert and former Cyber Counterintelligence Officer for the Oak Ridge National Laboratory and the U.S. Department of Energy, says the length and description of the attack point to something much more serious. Many of the federal employees and service members hit by the breach likely have security clearance to highly sensitive and classified data, Land says. "This intrusion has some very significant implications and potentially down the road ramifications," he says. "Were I to guess, this was likely a foreign-state-sponsored effort to gain intelligence and potential targeting information."
U of Nebraska Breach Affects 650,000
The University of Nebraska has reported a breach involving unauthorized access to a database containing information on more than 650,000 students and others. The hacked database stored personal information, including Social Security numbers, addresses, course grades and other details for students, alumni and applicants. Other information that may have been exposed includes certain personal and financial information for parents of students who applied for financial aid, as well as university employees.
N.J. Mayor Accused of Hacking Website
Mayor Felix Roque of West New York, N.J. has been charged, along with his son, with hacking into a website criticizing his administration and accessing information without permission. A complaint filed with the U.S. District Court of New Jersey states Roque and his son accessed e-mail accounts and proceeded to cancel the Internet domain account www.recallroque.com by accessing the website owner's account at web-hosting service Go Daddy.
Patient Info Compromised in Fraud Scheme
Phoebe Putney Memorial Hospital in Albany, Ga., is notifying patients of a fraud scheme involving a former hospital employee. The employee accessed patients' names, dates of birth and Social Security numbers between June 2010 and April 2012 with the intent to file fraudulent tax returns, according to a notice posted to the hospital's site.
No medical records were taken, the hospital said. Patients affected include those who were treated by Phoebe Home Health between July 2005 and April 2012; the number of affected individuals was not revealed. Privacy policies and staff procedures have been refined as a result of the incident. The notice doesn't say if any fraudulent tax returns were filed.