The US state of Georgia has allowed a remote attacker to access a database containing the details of 570,000 members of the state’s pension scheme.
The breach has been blamed on an unpatched flaw in one of the state’s security programs, although the supplier of the software has not been disclosed.
The attacker is said to have breached the system towards the end of February, using a variety of hacking tools to access the server hosting the database.
Georgia said it was in the process of fixing the security flaw in the system, but the hacker got there first, taking advantage of the problem when the supplier publicised it and advised a fix.
Although there is no evidence so far that the attack has led to any of the information being used for identity theft or other fraud, the state has contacted 180,000 affected employees.
The state doesn’t have contact details for the others affected, mainly those who are former employees, and is relying on media reports to alert them to the potential problem.
Earlier this month it was disclosed that the state of Florida had unwittingly released the personal details of tens of thousands of its employees to an offshore Indian outsourcer.
This outsourcer had wrongly been sub-contracted to complete data indexing work, in breach of the contract held by the main contractor.
Florida was forced to contact the employees affected by the data disclosure.