The Massachusetts Executive Office of Labor and Workforce Development recently revealed that one of its IT systems was infected with a virus that may have stolen personal information of thousands of Massachusetts citizens.
According to a statement from the office, as many as 1,500 computers housed in the Departments of Unemployment Assistance and Career Services may have been infected with the W32.QAKBOT virus, a worm that spreads through network and removable drives, downloading files and stealing information. The worm is also capable of opening a back door on an affected machine, potentially exposing it to future danger.
While the EOLWD did not specify the number of people affected by the data security failure, it did acknowledge that information on the computers included names, Social Security numbers, email addresses, employer ID numbers and residential and business addresses.
The EOLWD said bank information of employers may have also been breached by the virus. However, the office stated that "only" 1,200 employers could have possibly been impacted by the breach.
The virus infected the computers beginning April 20 and was discovered May 16. The office said it took immediate steps to remove the infection, though it "was not remediated as originally believed," leading to the breach. The virus is not currently active.
"We take our customers' privacy very seriously. Unfortunately, like many government and non-government organizations we were targeted by criminal hackers who penetrated our system with a new strain of a virus. All steps possible are being taken to avoid any future recurrence," said Joanne Goldstein, secretary of labor and workforce development.
Massachusetts is one of the most aggressive states in the country regarding data protection. In 2007, legislators passed the Massachusetts data breach law, which requires prompt notices following a data breach and dictates strict rules regarding the definition of breaches.