Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Aetna warns 65,000 about Web site data breach

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Latest Breaking News Donate to DU
 
OhioChick Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 12:28 PM
Original message
Aetna warns 65,000 about Web site data breach
Source: ComputerWorld

May 28, 2009 10:34 AM ET

IDG News Service - Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor.

The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information.

The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained.

Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves.



Read more: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133621



Lovely.
Printer Friendly | Permalink |  | Top
T Wolf Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 12:35 PM
Response to Original message
1. ANd my premiums will rise to pay for that "free year of credit monitoring." nt
Printer Friendly | Permalink |  | Top
 
OhioChick Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 12:36 PM
Response to Reply #1
2. This happens so frequently...
Do they still offer that free year of credit monitoring?
Printer Friendly | Permalink |  | Top
 
nightrain Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 08:24 PM
Response to Original message
3. and some people want electronic medical (and mental health) records???
Perhaps some time in the future. But we haven't got security down yet.
Printer Friendly | Permalink |  | Top
 
OhioChick Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 08:49 PM
Response to Reply #3
4. Exactly.
I think medical records online would be a disaster, coming from a technical perspective.
Printer Friendly | Permalink |  | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 09:27 PM
Response to Original message
5. and there's a push for internet voting
which opens up an election to any hacker from anywhere in the world.

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x5737124
Printer Friendly | Permalink |  | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 09:29 PM
Response to Original message
6. Teen-age ciber criminals have hacked govt systems:
Internet voting makes elections accessible to anyone with a computer. That is not a good idea.
Maybe ciber crime isn't publicized enough. Anyway, there would be a huge payoff to someone
who could rig a statewide or national election. Or even a local one. Elections are high stakes, big money.

Hacker High: 10 Stories of Teenage Hackers Getting into the System


Student at Downingtown High School West — Downingtown, Pa.
A 15-year-old student was arrested and charged with felonies in May 2008 for stealing personal data from the Downingtown School District's computer system and downloading files that contained the names and Social Security numbers of more than 41,000 of district residents (including 15,000 students). The unnamed student allegedly accessed the files, which were located on the district’s server, through a school computer during a study period, and officials believe that he copied the files to his home computer. This is the second time in the 2007-2008 academic year that a student has broken into the Downingtown School District’s computer system; another student was arrested for hacking into the system in December 2007.

...

Jeanson James Ancheta — Los Angeles
In 2005, the FBI nabbed 20-year-old Jeanson James Ancheta, a reported member of the "Botmaster Underground," a group of script kiddies known for their bot attacks and spam inundation. His sinister cyberscheme infected computers at the United States Naval Air Warfare Center Weapons Divistion in China Lake, Calf. and the Defense Information Systems Agency, a component of the United States Department of Defense. In the first prosecution of its kind in the U.S., Ancheta was arrested and indicted on 17 federal charges for profiting from the use of "botnets."

Aaron Caffrey — Britain
Aaron Caffrey 19, was accused of almost destroying of North America's biggest ports, the Port of Houston in Texas, by hacking into its computer systems. Computers at the port were hit with a DoS (denial of service) attack on Sept. 20, 2001, which crashed systems at the port that contained data for helping ships navigate the harbor.

The prosecution said that the Brit’s computer contained a list of 11,608 IP addresses of vulnerable servers, along with malicious script. The attack on Houston was apparently tied to a female chat-room user called Bokkie, who had made anti-U.S. comments online. Still, a jury found Caffrey not guilty in October 2003.

Raphael Gray — Wales
Raphael Gray, 19, became the subject of an international investigation after he got his hands on 23,000 Internet shoppers' details and posted some of them to Web sites. The scheme, which Gray claimed was an attempt to expose security weaknesses in Internet shopping, cost users hundreds of thousands of pounds. Gray was been sentenced to psychiatric care and told reporters that he felt no regret for what he’d done

c0mrade — Miami
In 2000, a 16-year-old from Miami known on the Internet as "c0mrade" became the first juvenile to go to jail on federal computer-crime charges for hacking into NASA. The boy admitted to attacking a military computer network used by the DTRA (Defense Threat Reduction Agency) from Aug. 23, 1999 to Oct. 27, 1999. The youth installed a backdoor access on a server that intercepted more than 3,300 electronic messages to and from DTRA staff. The backdoor also accessed at least 19 usernames and passwords of DTRA employees, including at least 10 usernames and passwords on military computers. The unnamed juvenile was sentenced to six months in a detention facility.

Mafiaboy — Canada
Over a five-day period in February 2000, Yahoo! Inc., CNN, eBay Inc. and Amazon.com Inc. became victims of the largest DoS attack ever to hit the Internet. The attacker? A 14-year-old Canadian named Mike Calce, who went by “Mafiaboy” online. He became the most notorious teenage hacker of all time, causing millions of dollars worth of damage on the Internet.

Calce initially denied responsibility for the assault but later pled guilty to most of the nearly 50 charges against him. On Sept. 12, 2001, the Montreal Youth Court sentenced him to eight months of "open custody," one year of probation, restricted use of the Internet and a small fine. Calce later wrote as a columnist on computer-security topics for the French-language newspaper Le Journal de Montréal.

Ehud Tenenbaum — Israel
Computers at the Pentagon were targeted in an attack called "Solar Sunrise" during a tense time in the Persian Gulf in 1998. The attack led to the establishment of round-the-clock, online guards at major military computer sites. At the time, U.S. Deputy Defense Secretary John Hamre called the attack "the most organized and systematic attack" on U.S. military systems.

While officials initially pointed fingers at two American teens, 19-year-old Israeli hacker Ehud Tenenbaum, who was called "The Analyzer," was identified as their leader and arrested. Tenenbaum later became the CTO of a computer-consulting firm.

Richard Pryce and Matthew Bevan — Britain
Two teens touched off one of the biggest ever international computer crime investigations in the U.S. when, for several weeks in 1994, they attacked the Pentagon's computer network and tried to get access to a nuclear facility somewhere in Korea. The cyberculprits were identified as 16-year-old music student Richard Pryce (known as "Datastream Cowboy") and Matthew Bevan (known as "Kuji"), who was arrested two years later at age 21. Conspiracy charges against both Pryce and Bevan were later dropped, though Pryce was ordered to pay a small fine.

414s — Milwaukee
They may sound like a cheesy '80s band, but the 414s were actually a band of youthful hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory and Memorial Sloan-Kettering Cancer Center. Later uncovered as six youths ranging in age from 16 to 22, the group met when they were members of a local Explorer Scout troop. These Scouts-turned-cybercriminals were investigated by the FBI in 1983.

The media took to the story of the youths, who met the somewhat sexy profile of early '80s computer hackers as established by Matthew Broderick's character in "WarGames," which was released the same year that the 414s rose to glory. In fact, 17-year-old Neal Patrick got more than his 15 minutes of fame when he appeared on the Sept. 5, 1983 cover of Newsweek. Most of the members of the 414s were not prosecuted, but their cybershenanigans lead to government hearings on hacking, as well as the introduction of six bills concerning computer crime in the U.S. House of Representatives.

http://www.itsecurity.com/features/hacker-high-061008 /

Printer Friendly | Permalink |  | Top
 
Ohio Joe Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 10:15 PM
Response to Original message
7. Bullshit
"Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach."

"The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained."

Absolute bullshit. If the thieves got in through their website, they should know exactly what data was accessed. Either they don't know how the breach happened or they don't want to confirm the exact data stolen. Either way, they are not telling the truth.
Printer Friendly | Permalink |  | Top
 
AncaSuciu Donating Member (2 posts) Send PM | Profile | Ignore Thu Jun-04-09 01:30 AM
Response to Original message
8. respect customer privacy
If you show your customers that you understand and respect their privacy they will do business with you, otherwise, you will loose them.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Dec 26th 2024, 09:00 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Latest Breaking News Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC