123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Technology,-Gadget-and-Science >> View Article

Malware At Massachusetts Unemployment Office Leads To Data Breach

Profile Picture
By Author: Apple Tan
Total Articles: 68
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

An aggressive worm known for stealing sensitive information, Qakbot, was found on the computer network for agencies handling unemployment claims in Massachusetts. Cyber-criminals may have used this malware to steal personal information from the Massachusetts unemployment offices, according to the Executive Office of Labor and Workforce Development (EOLWD).
As many as 1,500 computers in the Departments of Unemployment Assistance and Career Services were infected with a virus beginning April 20, according to a statement made by the Massachusetts Executive Office of Labor and Workforce Development on May 17. Computers in the mobile One Stop Career Centers that work with claimants were also infected. Even though EOLWD immediately worked with Symantec to remove the malware, W32.QAKBOT, it learned on May 16 that the infection hadn’t been “remediated as originally believed,” leading to a data breach.
There is a possibility that as a result of the infection, the virus collected confidential claimant or employer information. This information may include names, Social Security Numbers, Employer Identification ...
... Numbers, email addresses and residential or business addresses. It is possible that bank information of employers was also transmitted through the virus.
In all, the agency believes the impact was limited to 1,200 employers who file information manually. At the same time, there is no way to assess the number of individuals affected by the potential breach, as “businesses that file their quarterly statements manually (about 1,200 of 180,000) may have had identifying information transmitted through the virus”. “For a claimant to have been impacted, a staff person would have had to key in sensitive information at an infected work station,” the statement added.
"I apologize to our customers and recognize that this is an unwanted problem,” Joanne F. Goldstein, Secretary of Labor and Workforce Development said in a statement.  “We are in the process of individually notifying all residents whom we think could be impacted and have advised all relevant and necessary state and federal agencies of the situation. We are doing everything possible to provide assistance in how to protect their identities and credit to those affected," said Joanne F. Goldstein.
EOLWD advises that anyone who conducted business from April 19 – May 13 requiring a staff person to access your file on-line with DCS, DUA or at a One Stop Career Center should take the necessary precautions as outlined below. All claimants will receive letters advising them of the breach and the information on how they can further protect themselves.
Qakbot has been around for some time. First discovered in 2009, the Malware spreads via several sources, including network shares. At one time it leveraged vulnerabilities in Apple’s QuickTime and Internet Explorer to target victims. Qakbot is able to gather various kinds of data on an infected system including OS and network information, keystrokes, stored FTP and email login details, targeted banking data, as well as usernames and passwords stored within a browser.
“While W32.Qakbot has multiple capabilities, its ultimate goal is clearly theft of information. Identification theft is big business in the underground world of cybercrime and the more data a threat can steal, the bigger the profit that can be made,” Symantec’s profile on the Malware explains.
Qakbot is especially aggressive and normally targets online banking, although it has the ability to mutate itself to switch targets and change its methods. The cyber-criminals behind the infection could have remotely instructed the virus to go after names, addresses and Social Security numbers stored in the state systems instead of focusing on banking sites, said Roel Schouwenberg, an antivirus researcher at Kaspersky Lab.
The department is currently contacting all affected residents and has already notified “all relevant and necessary” state and federal agencies for assistance in remediating the breach. It is evident that government departments and organizations need to take proper measures to safeguard their network security, including hiring highly trained information security in order to prevent an information security breach. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.


About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT).
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

Total Views: 350Word Count: 1018See All articles From Author

Add Comment

Technology, Gadget and Science Articles

1. Understanding Why It Is Essential To Hire A Virtual Receptionist
Author: Eliza Garran

2. Driving Success With Google Shopping Price Tracking Dataset
Author: Den Rediant

3. Elevate Every Gathering With A Smart Event Mobile App
Author: Enseur Tech

4. Power Tillers: A Smart Solution For Modern Farming Needs
Author: Mark

5. Product Prices Scraping By Pincode Across Multiple Platforms
Author: Retail Scrape

6. What Are The Best Ways To Extract Real-time Product Data From Top Grocery Apps?
Author: Retail Scrape

7. Diy Vs. Pro: Should You Outsource Your Thumbnail Design?
Author: Bulk Account Buy

8. Benchmark Daily Prices Using Amazon & Walmart Data In The U.s
Author: Actowiz Solutions

9. Unlock The Power Of Google's Gemini Ai Chatbot
Author: Sdreatech

10. 10 Angular Best Practices For Mean Stack Developers
Author: Mukesh Ram

11. Improve Retail Strategy With Publix Store Locator Data Scraper
Author: Den Rediant

12. Customer Service Quality Assurance: Strategies For Delivering Consistent Excellence
Author: Allan Dermot

13. Doordash Data Scraping: Top Trending Restaurants Revealed In Los Angeles
Author: Retail Scrape

14. Electric Scooter Industry To Hit $408.1 Billion By 2031: Key Growth Drivers
Author: Suvarna

15. Learn The Importance Of Business Intelligence For Microsoft Dynamics 365
Author: Bappaditta Jana

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: