Hackers broke into the official Rhode Island state government Web site, www.ri.gov late last month and stole 4,117 credit card numbers, according to New England Interactive (NEI), the company that manages the site. NEI is a subsidiary of Olathe, Kan.-based e-government provider NIC Inc.
"We discovered the breach on Dec. 28," said NIC spokesman Chris Neff. "It was due to an error in a line of software code that our local office in Rhode Island that manages the state's portal [NEI] had written. So we immediately closed that breach, fixed that error and initiated a deeper investigation, including a follow-up security scan of the entire site."
According to Neff, NEI at first thought that only eight credit cards had been compromised. "We immediately contacted the Rhode Island CIO and the Secret Service and the credit card-issuing companies to flag those accounts so they could be monitored for possible fraudulent activity," Neff said.
After further analysis, however, NEI discovered that 4,117 credit card numbers were actually involved. "At that point, we went through the notification process again with the Rhode Island CIO, Secret Service [and the] credit card companies," he said. "Now we're collaborating with the state, the credit card companies [and] the Secret Service working on several solutions. We're working toward contacting those card holders and working toward providing some additional services to them [like] credit monitoring and credit rehabilitation for people who were harmed ... as a result of this. And we're working with the state on the security -- they've hired an external security firm, we have done the same, to assess the state's security measures and ensure that everything is up to par going forward."
According to a statement from NIC Monday, the stolen credit card numbers were used in transactions with government agencies between Dec. 31, 2004, and March 8, 2005. NIC recommended that anyone who used credit card information on the Rhode Island Web site contact their credit card companies and request that their accounts be monitored for fraudulent activity.
A check of the state site indicates that consumers can conduct a variety of transactions online using a credit card, including renewing fishing and boating licenses, obtaining driving records and renewing vehicle registrations that have been temporarily suspended.
NIC realized that more than eight credit cards might have been compromised last week, when it learned of information on a Russian-language Web site that appeared to discuss the hacking. NEI worked to cross-reference details on the Russian site against information it already had and on Thursday notified NIC, the state CIO, law enforcement officials and credit card companies that additional credit cards were involved in the hacking. That's when the company found that 4,117 credit card numbers had been stolen.
"NIC takes security matters very seriously," Harry Herington, COO of NIC, said in the statement. "We take responsibility for this incident and acted immediately to correct the breach upon discovering it. We will continue to work with Rhode Island state officials, law enforcement and the credit card companies to resolve this issue."
Rss FeedRss Feed
The Leader in Network Knowledge
Comment