Thread: Hacker gets into Neb child support system

http://tinyurl.com/mdomo

Hacker gets into Neb. child-support system By KEVIN O'HANLON, Associated Press Writer
1 hour, 21 minutes ago



A hacker broke into the child-support computer system run by the state Treasurer's office and may have obtained names, Social Security numbers and other information of 300,000 people and 9,000 employers.

Treasurer Ron Ross announced the security breach Thursday.

The system helps collect and disperse child-support payments.

The hacker got into a back-up computer server Wednesday morning for about 40 minutes and launched a virus, which Ross said was immediately removed.

Ross said the hacker was "probably from outside the United States."

He said he did not believe any information was downloaded but that the State Patrol is launching a computer forensic investigation of the incident.

The computer also contained tax identification numbers for 9,000 businesses who collect and send in child-support payments to the Treasurer's Office.

"Until we know for sure, I encourage all parents who pay or receive, and all employers involved, to monitor their accounts and report unusual activity," Ross said.

Ross said letters will be sent as soon as possible to potentially affected persons informing them of the breach and providing information about identity theft protection.

Ross said the attack appeared to be routed through Australia from Asia.

"There are very smart and bad people out there," Ross said. "We do not know if that person was able to download any information."

Ross said his office immediately put tougher security measures on the system.

More than $233 million flowed through the system last year, totaling 1.5 million payments, by check or electronic deposits.

The computer system was launched in December 2001 and has processed more than $1 billion in child support payments to 176,000 children.

Creation of the Nebraska Child Support Payment Center was mandated by the federal government. Nebraska officials worked under a Dec. 31, 2001 deadline to get it operational, or face a $5 million fine.

Under the old system, Nebraska and most other states handled child support at the county level. But the counties generally could not share information and businesses faced the hassle of mailing checks to scores of offices.

So federal law was changed to require states to install statewide computer systems.

Similar security breaches have made news recently.

The U.S. Agriculture Department said last week that a hacker broke into its computer system and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors.

Also, as many as 26.5 million people may have been affected by the theft of a laptop computer containing Veterans Affairs information including Social Security numbers and birth dates. The computer was taken from the home of a VA employee, and officials waited nearly three weeks before notifying veterans on May 22 of the theft.

The government said Thursday the laptop with veterans' information had been recovered, and the FBI said there is no evidence that anyone accessed Social Security numbers and other data on the equipment.

Earlier this month, the U.S. Health and Human Services Department discovered that personal information for nearly 17,000 Medicare beneficiaries may have been compromised when an insurance company employee called up the data through a hotel computer and then failed to delete the file.

Social Security numbers and other information for nearly 1,500 people working for the National Nuclear Security Administration may have been compromised when a hacker gained entry to an Energy Department computer system last fall. Officials said June 12 they had learned only recently of the breach.

Ross said his office immediately put tougher security measures on the system.

Way to go!

Wait till it's too late, then fix the problem.

Originally Posted by CountFloyd

Ross said his office immediately put tougher security measures on the system.

Way to go!

Wait till it's too late, then fix the problem.

That should make the hacker "victim" automatically liable for any damages.