BreachExchange mailing list archives
KY. data breach affects 2,500
From: security curmudgeon <jericho () attrition org>
Date: Sat, 29 Sep 2012 22:51:47 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.clinical-innovation.com/index.php?option=com_articles&view=article&id=35217:ky-data-breach-affects-2500 By Editorial Staff Clinical-Innovation.com September 20, 2012 The Cabinet for Health and Family Services is informing approximately 2,500 clients by letter of a possible employee email account breach that may have resulted in the unintentional release of information held by the Cabinet?s Department for Community Based Services (DCBS). According to a statement posted on the Frankfort, Ky.-based organization?s website, in July, a DCBS employee responded to a ?phishing? email sent by a hacker. Unauthorized activity on the account was identified within a half hour and the account was immediately disabled. There is no evidence that the confidential contents of the email account were accessed or viewed, but the hacker did have access to the email account for a brief period. Data about the individuals being notified was included in the National Youth Transition Database monitoring those in the process of or who have recently aged out of the foster care system. ?In all likelihood, the hacker intended to access the state government email server to send spam emails and did not access or view client information,? said Rodney Murphy, executive director of the Office of Administrative and Technology Services. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- KY. data breach affects 2,500 security curmudgeon (Oct 02)