Hackers steal hundreds of thousands of Social Security numbers

Hackers steal hundreds of thousands of Social Security numbers
Published April 10, 2012 Associated Press -- Fox News article


They initially reported 24,000 people had their personal info downloaded by a hack group.
(Names, addresses, SS numbers, etc)

Now they said it's more like 182,000 on March 30th.

And in the next breath, the article says 900,000 !!??!!

Apparently this is a breach of health information records from Utah.

So much for all the "secure" networks everywhere. Especially when it's American citizens.

SALT LAKE CITY – An additional 750,000 people had their personal information stolen by hackers, state health officials said Monday after discovering that the thieves downloaded thousands more files of data than authorities initially believed.

Officials originally estimated that about 24,000 people had their records stolen after a computer tracked to Eastern Europe infiltrated a server beginning March 30, then changed that number to 182,000 victims.

Health officials now believe a total of nearly 900,000 people have had their personal data stolen.

Aside from the obvious punishment of the perpetrators, when will they prosecute the ones responsible for the "security" systems that are bought and paid for ?

Perhaps all these "hacks" are made easier because of tip-offs from "secure" areas ?

Thank you for another quality news item. I look forward to your posts for the news I often would miss without you.

Now my question here is...Can anyone still consider a National Database of ALL our health records a good thing? Secure? what's that?? If every doctor and health provider can access it to add to it, I don't care that it's not DESIGNED to let them all see everything too....The fact they are in to add means the rest is just a clever hacker away from being on the screen.

I'll remember this story when the issue of that Super-Medical Record database comes up again. I'm hardly special enough in a medical sense to have anything of interest...but privacy concerns didn't use to require a justification to explain, either.

Everything leaks!....There is no such thing as security only measures to minimize leakage.

Data will be compromised! No biggie in knowing who is doing all of this hacking.

Great post on the info though. S & F

People must realize that once you are entered into a data base system you are effectively putting yourself and all information acquired about yourself in jeopardy! It is the nature of the beast.

reply to post by Wrabbit2000


They will end up using a national database for fraud, just like all the smaller ones.

You can imagine the double and triple billings that will happen and be collected !!

We'll end up with the same people living and breathing in multiple places at the same time.

The security issues with all data is huge.

They need to place gigantic stiff penalties on the ones who are responsible for the "security".

I bet this happens alot more than we know.
Hopefully mine was in that database!
Maybe they will improve my credit a little bit.

Anything to force or bring the Voter ID ?

Simple fix. Want a secure database? ENCRYPT THE DAMN DATA AND DON'T CONNECT IT TO THE BLOODY INTERNET OR OUTSIDE NETWORK! The people who manage and 'secure' these networks are idiots! It is not complex to secure data the complexity comes when some highly paid middle management pea brained fool makes his next piece of corporate brilliance 'remote access via the internet to unencrypted secure data for everybody' Private networks are much harder to hack into than internet connected ones (generally because you need physical access to the network - difficult to do in a secure area without inside help) therefore limiting your hacks to some very well funded corp or government not some 15 year old kid sat in his bedroom trading the data he just stole!. Stuff like this really annoys me! IT'S NOT HARD TO SECURE DATA - Just requires some common sense (like not setting your password to 'password' because nobody will ever think to try that!'

Note how a major leak from another secure network (Bradley Manning leaks to Wikileaks) he actually transferred it onto external storage then walked out with it. Another case of an easy fix. Don't allow portable memory devices into secure areas and disable USB access. He might have even got away with it if he'd kept his damn mouth shut!

Isn't this a good reason to return to a paper-based society?

Wasn't it harder to cheat and steal before we went cyber?

Aside from the obvious punishment of the perpetrators, when will they prosecute the ones responsible for the "security" systems that are bought and paid for ?

Perhaps all these "hacks" are made easier because of tip-offs from "secure" areas ?

I think that the system admin, or whoever is responsible for network security at these places, should be held accountable under certain conditions. For instance, once the vulnerability that was exploited has been discovered, authorities should check as to whether a patch for that specific vulnerability was already available.

If a fix for a known vuln has been available for a certain system, yet the sysadmin neglected to update, he/she should be held responsible. Sometimes however the hackers are using a new exploit and are targeting a specific vulnerability that has not been identified by white hats.

Those who are not familiar with how hacking actually works, or network security in general, seem to think that the hackers just start typing on their keyboards and can launch a nuclear missile, or launch a nuke from a payphone like in the Kevin Mitnick case. In reality hacking is not glamorous, and can actually be extremely easy. There are different types of exploits that hackers can use, and all that means is that usually a portion of the code the system is running can be made to do something it was not designed to do from the outside. It's different for different vulns, but you get the idea.

The hard part is discovering these holes and writing code or figuring out another method to not only exploit them, but to do so in a way that is useful...Ideally that would be root access. Once a vuln has been discovered, programmers/hackers of darker shades can write scripts or programs to make exploiting these holes very easy, sometimes just a few clicks. Then hacker-wannabees can take that code and run it against a specific system, gaining access the same way the real hackers would, with absolutely no work invested.

If that is what happened in this case, then whoever's responsibility it was to maintain the system should be help responsible, because the system should have been patched. For high profile attacks such as this one the hackers are usually finding and exploiting new vulnerabilities.

Is it me, or this an everyday occurrence? Every other day we hear about security breaches from peoples' personal information to classified government documents. As the OP said, the people responsible for data security ought to be held liable, and stiff penalties ought to be imposed! This crap is getting ridiculous! Hundreds of thousands of SSNs?

Yuri and Vladimir can buy a lot of Mountain Dew kiting those numbers on the open market. Then you got Joe Q surrounded by bank examiners and attorneys engulfed in mountains of paperwork in feeble attempts to repair catastrophic damage done to their credit and good name. The only person that loses in all of this is the victim, but the lawyers, bankers, and cyber thieves are laughing all the way to the bank on the dime of someone else. These government entities and businesses best get their act together, because if it were me I would be raising hell!

With paper it was easy to get a handful of data sets. With digital, it's easy to get millions of data sets.

You'd think that the social security administration would have a secure website that would prevent hacking.
But having said that how would the counter intell agencies get there information if they couldn't access the database.

Its a catch 22 if you ask me ... most of the social security applications are handled online today!

reply to post by xuenchen


the Utah dept of health services has some 900,000 persons in their active records. ?


i hold my breath with Medicaid & VA health services/files... cause i know they will eventually be hacked

along with the' digital medical records' being created on everyone in the USA & Its territories

Originally posted by St Udio
reply to post by xuenchen

 

the Utah dept of health services has some 900,000 persons in their active records. ?


i hold my breath with Medicaid & VA health services/files... cause i know they will eventually be hacked

along with the' digital medical records' being created on everyone in the USA & Its territories

This is very distressing for me.

all it takes is one untrustworthy bank or collections or government/public services employee and they have access to everyones SSN In the system, city, state or whole country!

no wonder for every valid SSN, it has at some point been used by 5-10 people (usually illegal aliens to work/bank/credit/benefits under, and/or by id thefts of course)

I am anything but a hacker yet I have public unsecured access to hundreds of thousands if not millions of SS numbers.

Originally posted by oghamxx
I am anything but a hacker yet I have public unsecured access to hundreds of thousands if not millions of SS numbers.

Well there's always a trust factor and ethics involved. I mean even the person with the highest security clearance has access to wealth of knowledge but it all bottoms down to the individual and human factor.

Think of all the companies that want you to store your personal information on a cloud.
Guess what I will never use even if I have to buy an old Tandy computer.

So another Anonymous CISSP government contractor has found another website that is vulnerable and they decided to do a press release to make the sheep scared so that they will sign up for a monitoring sevice that will sell all your data third party to the US government while you pay for it yourself. Its a setup! The government can't afford to keeping spying on us because it cost to much. Now they want you to sign up and pay for the spying for them. They even want Facebook to go public on the stockmarket so In-Q-Tel could quit paying for it. Let the sheep pay for there own government spying. If your interested in In-Q-Tel heres the CIAs website where they tell you what it is.

www.cia.gov...

Government is now turning third party buyer for the information they want from the companies you pay to monitor you. George Zimmerman even worked for a company doing this. link Oh but your not supposed to know that. The President met with his boss at the White House and said shhh!

This is what the guy who hacked the Florida voters database did to his certificate when the yelled at him for posting links on twitter. They got him on ethics charges.


Poor Boris. But he just started his own company and does the same thing just not with Jaded Security working for Homeland Security.
attrition.org...

My social security number (and other personal information) have been "leaked" twice by two different employers!
I found out, in both cases, when I got a letter in my mail saying they were sorry, it won't happen again, and as a conciliation we are signing you up for 12 months of free credit monitoring service. Apparently they aren't aware my social security number and other info does not have an expiration date even though their sense of responsibility does.