Successful social engineering attack leads to 45 victims
Date Reported:
1/30/09
Organization:
State of Oregon
Contractor/Consultant/Branch:
Department of Human Services
Location:
Salem, Oregon
Victims:
"Coos County residents applying for assistance"
Number Affected:
45
Types of Data:
Personal information, including Social Security numbers
Breach Description:
"COOS BAY, Ore. (AP) — An online scam resulted in the theft of 45 Social Security numbers at the Oregon Department of Human Services office in Coos Bay last week."
Reference URL:
The World
Associated Press via The Oregonian
Report Credit:
Alexander Rich, The World
Response:
From the online sources cited above:
An online scammer made off with 45 Social Security numbers after sending a virus to a computer at the Department of Human Services office in Coos Bay last week.
The virus arrived in the form of a bogus e-mail with a link on it Jan. 23.
When an employee clicked on the link, it downloaded an application that recorded keystrokes and sent them to an external address.
[Evan] Huh? Was this just a momentary lapse in judgment, or is this employee an idiot?
Department officials discovered the virus later in the day and shut down the computer immediately.
[Evan] The department deserves some credit for detecting and responding on the same day.
E-mails were sent to other computers but no one else opened the application.
[Evan] How would it feel to be the only person to fall for the scam?
Gene Evans, a DHS spokesman, said the information was taken from Coos County residents applying for assistance through the Self-sufficiency Program.
All of those affected were notified of their lost information Monday and provided information about how to limit their risk of identity theft.
Evans said the department is constantly updating its virus scans, firewalls and staff training to identify scam e-mails that could contain viruses.
Commentary:
Human beings pose a great risk to the security of information, and social engineering is by far the easiest way to exploit the weakness. Social engineering may come in the form of an email such as the one in this incident, a phishing email, a telephone call, a chat session, etc. Combating social engineering largely relies on employee education and constant awareness.
Past Breaches:
State of Oregon:
January, 2009 - Laptop stolen from University of Oregon affects youth with disabilities
