The Boston Herald reported yesterday that a computer virus (really a worm) identified as W32.QAKBOT was found to have infected at least 1,500 computers belonging to the Massachusetts Labor and Workforce Development agency.
According to the press release that the Executive Office of Labor and Workforce Development posted on Tuesday, the worm was originally discovered on the 20th of April, and was thought to have been eliminated at that time by the Agency's security provider, Symantec. For reasons not disclosed, the worm could not be totally eliminated; nor was it disclosed how the worm likely infected the agency's computers in the first place.
The worm was found again on Monday, and it was discovered that information from hundreds of Massachusetts employers held by the Departments of Unemployment Assistance (DUA) and Career Services (DCS) had potentially been compromised. The agency immediately shut down the computers to stop the security breach.
The press release goes on to say that:
"There is a possibility that as a result of the infection, the virus collected confidential claimant or employer information. This information may include names, Social Security Numbers, Employer Identification Numbers, email addresses and residential or business addresses. It is possible that bank information of employers was also transmitted through the virus. Only the 1200 employers that manually file could be impacted by the possible data breach."
The Herald story says that the Labor and Workforce Development agency is going to notify all 210,000 people it does business with of the breach, even though it believes that those actually affected are far fewer than this number indicates.
A Boston Globe story today says that there is little concern that the worm will spread to other state computers because they are physically disconnected from those of the Labor and Workforce Development agency. However, if the infection was caused by a phishing email that a state worker opened, that lack of concern may be a bit premature.
At least the unemployment agency didn't apologize for any "inconvenience" the breach has caused.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.