
Massachusetts Unemployment Computers Breached

Worm now contained but not before sensitive data on possibly 210,000 accessed


The Boston Herald reported yesterday that a computer virus (really a worm) identified as W32.QAKBOT was found to have infected at least 1,500 computers belonging to the Massachusetts Labor and Workforce Development agency.

According to the press release of the Executive Office of the Labor and Workforce Development that was posted on Tuesday, the worm was originally discovered on the 20th of April, and was thought to have been eliminated at that time by the Agency's security provider, Symantec. For reasons not disclosed, the worm was not completely eliminated; nor was it disclosed how the worm likely infected the agency's computers in the first place.

The worm was found again on Monday and it was discovered that information from hundreds of Massachusetts employers residing with the Departments of Unemployment Assistance (DUA) and Career Services (DCS) had potentially been compromised. The agency immediately shut down the computers to stop the security breach.

The press release goes on to say that:

"There is a possibility that as a result of the infection, the virus collected confidential claimant or employer information. This information may include names, Social Security Numbers, Employer Identification Numbers, email addresses and residential or business addresses. It is possible that bank information of employers was also transmitted through the virus. Only the 1200 employers that manually file could be impacted by the possible data breach."

The Herald story says that the Labor and Workforce Development agency is going to notify all 210,000 people it does business with of the breach, even though it believes that those actually affected are far fewer than this number indicates.

A Boston Globe story today says that there is little concern that the worm will spread to other state computers because they are physically disconnected from the Labor and Workforce Development agency's computers. However, if the infection was caused by a phishing email that a state worker opened, that lack of concern may be a bit premature.

At least the unemployment agency didn't apologize for any "inconvenience" the breach has caused.
