Georgia allows hacker to access details of 570,000 pension members

The US state of Georgia has allowed a remote attacker to access a database containing the details of 570,000 members of the state’s pension scheme.

The US state of Georgia has allowed a remote attacker to access a database containing the details of 570,000 members of the state’s pension scheme.

The cause of the breach has been blamed on an unpatched flaw in one of the state’s security programs, although the supplier of the software has not been disclosed.

The attacker is said to have breached the system towards the end of February, using a variety of hacking tools to access the server hosting the database.

Georgia said it was in the process of fixing the security flaw in the system, before the hacker got there first and took advantage of the problem when the supplier publicised the problem and advised a fix.

Although there is no evidence so far that the attack has led to any of the information being used for identity theft or other fraud, the state has contacted 180,000 affected employees.

The state doesn’t have contact details for the others affected, mainly those who are former employees, and is relying on media reports to alert them to the potential problem.

Earlier this month it was disclosed that the state of Florida had unwittingly released the personal details of tens of thousands of its employees to an offshore Indian outsourcer.

This outsourcer had wrongly been sub-contracted to complete data indexing work, in breach of the contract held by the main contractor.

Florida was forced to contact the employees affected by the data disclosure.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close