Springfield officials say the personal information of about 2,100 citizens may have been obtained by hackers when the city’s website was “compromised” Feb. 17, a Friday.
Some functions have been turned off on the city’s website, springfieldmo.gov, as authorities investigate the apparent breach, said city spokeswoman, Cora Scott.
Read more on News-Leader.com
A statement posted yesterday on the city’s web site says:
City Website Compromised
The City of Springfield’s public-facing website (springfieldmo.gov) was compromised Friday, Feb. 17 and certain functionality has been turned off to secure the site while authorities investigate.
Officials are taking steps to notify approximately 2,100 individuals whose personal information may have been obtained when the site was breached. To reduce risk of harm from this incident, these individuals will receive a letter by mail offering a one-year subscription with an identity theft protection company.
The site passed a Feb. 8, 2012 Payment Card Industry (PCI) security scan, however, the City is looking into the vulnerability and modifications have been made to the website to prevent further incidents from compromising any information in the future.
No additional details can be released while the investigation continues. As required by State statute, the City has notified the Attorney General’s Office of this incident.
Those needing assistance with functions currently inaccessible on the site may call 417-864-1010. Media with questions – please call 417-864-1009.
The hack appears to be the work of hackers who identify themselves as Kahuna and CabinCr3w, and is part of #OpPiggyBank. In a statement accompanying the release, they write:
Small Redacted Sample Of Data Taken From Police Database
Data Contained Is Online Police Reports (OPR) and Misc Warrant And Summons Data
All Data That Could Cause Problems To Civilians Has Been Redacted, As It Contains Social Security Numbers, Addresses, and Other Personal Information Of Citizens..now some cake
The data they acquired reportedly includes:
OPR_PERSONS – 6071 Entries
AGE,C_PHONE,DOB,EMAIL,EYE_COLOR,H_ADDRESS,H_CITY,
H_PHONE,H_STATE,H_ZIP,HAIR_COLOR,HEIGHT,ID,M_ADDRESS,M_CITY,
M_STATE,M_ZIP,NAME,PERSONSID,RACE,ROLE,SEX,SKINTONE,SSN,SUS_DESC,
W_PHONE,WEIGHT
WARRANTS – 15,887 entries
ACCYON,AGE,BRTHDT,CITY,CTCDNO,CTCDSC,DFADRS,DFNAME,EMPLYR,EYESCL,
HAIRCL,HEIGHT,JRSDCT,MNFSTN,MNLSTN,MNMIDN,NMSFX,OFCRNO,OFNDT,
OFNSLC,OFNSTM,PDCASE,RACECD,RADYON,RELCON,SEXCOD,STCODE,TCKTNO,
TKINFO,VILCOD,VILLD*,VILSDS,VLOCNO,VLRPPD,WEIGHT,WRISDT,WRNTYP,
WRTBND,WTYPTX,ZIPCD*,ZIPCD2
OPR_BUSINESS – 408 entries
ADDR,ID,NAME,PHONE
OPR_VEHICLE – 1041 entries
COLOR,EXIST_DAMAGE,ID,LICENSE_NO,LICENSE_YEAR,LOCKED,MAKE,MODEL,
NAME,PARKED,ROLE,SPEC_FEATURES,STATE,STYLE,TYPE,VALUE,
VEHICLE_YEAR,VEHICLEID,VIN
SUMMONS – 284,618 ENTRIES
ACCYON,CTCDNO,CTCDSC,DSN,JURISDICTION,OFNSDATE,OFNSLOC,OFNSTIME,
PDCASE,RADYON,TICKETNO,VILCOD,VILSDS,VLOCNO,VLRPPD
That’s a lot of personally identifiable information and it’s not clear why only 2,100 are being notified if one database alone had over 6,000 entries including Social Security numbers and the warrants database had almost 16,000 entries.
None of those details were reported on the city’s web site or in the media coverage of the incident. The hackers have posted some redacted proof of hack. As they have in the past, they have opted to not expose citizens’ personal information.
You’re going to see a lot more of these as attackers realize that city, township and county governments hold a lot of personal information and generally do not have the expertise or inclination or budget to protect it. Think about all of the city income tax forms you’ve filed over the years and then look at the budget condition of that city.
One of the best solutions could be slaves… I mean, unpaid interns who want to go into IT and software engineering.