1/26/12

A Breach of Securit

Home

New s Topics

Jobs

Digital Communities

Education

Video

Events

Webinars

Papers & Books

Grants

Magazines

Advertise Search

Ne

Topic

A B each of Sec

i
T eet Like 0

Dail Go ech Ne Enter your email

VIEW SAMPLE

In Yo

Inbo

E-Government Emerging and Sustainable Technology Health and Community Services IT Policy/Mgmt/Enterprise Tech Justice and Public Safety Products Transportation and Infrastructure Wireless/Mobile/Broadband View All New s Topics...

Septemb er 12, 2005 B Jana Saastad Welcome to the 21st century, where anything imaginable is available at the click of a mouse. For thieves with a degree of technical savvy, that online cornucopia includes components of people's identities, such as Social Security numbers, birthdates, addresses and full legal names.

S b c ibe o Go e nmen Technolog

For these malicious hackers, the goal is to break into a computer system, obtain others' vital information and open fraudulent credit card or checking accounts. With databases chock-full of valuable personal records, breaking into a system is akin to robbing a bank -- except thieves can perform their deeds from anywhere in the world. "Identity theft is the crime of the Information Age," said Linda Foley, co-executive director of the Identity Theft Resource Center, a national nonprofit dedicated to fighting identity theft. The center provides consumer and victim support, and advises governmental agencies, legislators and companies on identity theft.

Subscribe | View Digital Issue

GT Ne

o k of Si e

Se d

Digital Communities Emergency Management Public CIO Videos Photos New sletters

1,723 e le

San Diego Ta ge ed Two servers at the San Diego County Employees Retirement Association (SDCERA) were among the latest targets, getting breached by malicious hackers in July 2005. More than 32,000 current and former San Diego County employees have been made vulnerable to identity theft, and the closely guarded addresses of 5,000 law enforcement personnel may have been exposed. How did this happen, and what's being done to prevent future break-ins? Is government more at risk than private industry? Answering the first question is tough. "The story is not being discussed due to an active investigation," said Foley, adding that she offered her agency's services to SDCERA but was denied. "This is standard operating procedure. When you are on the trail of a thief, you don't go public." She said the San Diego Computer and Technology Crime High-Tech Response Team (CATCH) is leading the investigation, but keeping information to itself. When the break-in was discovered, the agency issued letters to former and current county employees advising them to contact credit agencies and put a fraud alert on their credit reports. The agency's actions complied with a California state law enacted in 2003 that requires companies or agencies to notify people whose private information may have been accessed by hackers. The San Diego County Board of Supervisors has voiced concern, but since the SDCERA's computers are independent of the county system, the board is not actively involved in the investigation. "SDCERA serves county employees, but they are not part of our IT contract," said Mike Workman, San Diego County spokesman. "I was not briefed since the outage was not ours. I don't have details other than what was reported." Some of those details include determining how much personal information -- if any -the hackers obtained. Since the SDCERA is not talking, that question has not been answered. Foley said too many factors are involved to know right away if the information was viewed or copied.

0
Follo @go techne s 4,410 follow ers

RSS

Ind

Pe

pec i e

Case Studies White Papers Contributed Solutions How to Guides

Go e nmen Be

P ac ice

IT at the Speed of Business: Why Spreadsheet Longer Cut It The Instant-On Enterprise: Business and Government White Paper

Con ol he Info ma ion

www.govtech.com/securit /A-Breach-of-Securit .html

1/3

1/26/12

A Breach of Securit
The break-in remains a whodunit for now, but that doesn't mean the SDCERA will fall prey to hackers again. "It's not an uncontrollable disease," Foley said. "It's a situation that can be restricted and limited if certain things were to change -- including better information control." Information control is what guided the San Bernardino County Employees' Retirement Association when it set up protection levels for its database. Mark Jolicoeur, the association's chief of Information Services, said he uses an array of protective measures to protect against breaches, including firewalls and wide area network and local area network (LAN) security policies and configuration. He also insists that user names and passwords are used at local machines. "Intrusion detection software is most common and is what we use," Jolicoeur said. "It consists of reports and logs used to monitor hits and pings."
MOST VIEWED MOST COMMENTED

PREV

1 2

NEXT

This Section

Whole Site

Site Reveals Salaries of New York State Employees, Other State Financial Data You ma use or reference this stor with attrib ution and a link to http://www.govtech.com/securit /A-Breach-of-Securit .html More Top 10 Network Security Threats Massachusetts Unemployment Insurance Claimants Notified of Data Breach Indiana Launches More Secure Drivers Licens

Airport Body Scans and Pat-Downs Raise More Privacy Concerns

Comments
oldest first Add Your Comment Name * Email Comment *

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

Submit Comment

Latest From Security

Tool Finds Holes in Domain Name System Security Extensions YouTube Agrees to New Terms of Service for State Agencies Perspective: How to Plug Holes in Disjointed Security Los Angeles Axes Plans to Add Police Email to Google Cloud California Creates Justice Unit for E-Crimes

GovTech Papers and Case Studies

View Library

www.govtech.com/securit /A-Breach-of-Securit .html

2/3

1/26/12

A Breach of Securit

White Paper: Playing the Hand You Have Been Dealt

White Paper: Abandoning the High Cost of Traditional Enterprise Content Management (ECM)

Case Stud : Laptops Help Libraries Meet the Needs of the Public

Case Stud : Laptops Help Detectives Solve Cases Faster

Sponsored Links
Still managing our projects with spreadsheets? Move our IT projects in the Cloud!

Government Technology

Public CIO

Emergency Management

Digital Communities

About Contact Sitemap RSS Privacy Follow us on Twitter

Govtech.com is a part of e.Republic 2012. All rights reserved. eRepublic on Face

www.govtech.com/securit /A-Breach-of-Securit .html

3/3