I’m having one of those “WTH???” moments.
Read this report from Associated Press:
Some state employees and vendors who do business with Alabama are being notified that their personal information was accessed when hackers infiltrated a state computer system.
The state Department of Homeland Security announced today that it was making the notifications, but wouldn’t say how many employees or vendors were affected. The department said the hackers accessed personal information such as names, Social Security numbers and taxpayer identification numbers. They didn’t access taxpayer records or tax returns. In mid-September, hackers gained accessed to tax records at South Carolina’s Department of Revenue.
Does the mid-September hack of SCDOR have anything to do with this? If not, why include that there, AP?
Alabama Homeland Security Director Spencer Collier said those affected will be connected with credit monitoring services, and the state will provide a one-year service with an identity theft service company to help detect misuse of personal information.
Department spokeswoman Leah Garner said the department could not release more information because of an ongoing criminal investigation. But she said the department believes the people behind the hacking Jan. 16 do not have a history of maliciously using personal information.
So they know who the hackers are? Were they employees or did they have an employee’s assistance? Have they been arrested? Why would people hack to obtain these data if not to use them maliciously? What does the state believe their motivation was, then?
And is this story related to any other hacking of Alabama state computers previously reported by the media?
The computer system that got hacked is operated by the state Information Services Division.
OK. So now we know there was a hack on January 16 involving the Information Services Division system. And we know what types of data were accessed. But the state’s statement re: the hackers not having a history of using data maliciously in somewhat stunning, and I wish they’d disclosed more about this.
Update: WSFA also covers this case, without the distraction of references to the SCDOR breach.