[BreachExchange] Anne Arundel library computers still offline as county battles virus attack
Destry Winant
destry at riskbasedsecurity.com
Tue Oct 16 00:26:48 EDT 2018
http://www.capitalgazette.com/news/ac-cn-library-computer-virus-20181013-story.html
Public computers at Anne Arundel County libraries are expected to be
offline at least another two weeks as officials continue to battle the
effects of a “Emotet” virus that infected about 600 computers last
week.
The county announced Oct. 6 the computers were exposed to the virus,
which targets users through sophisticated email ruses. It prompted
officials to inform 4,768 customers who used public computers since
Sept. 17 to monitor their personal information for fraudulent
activity.
In a release Saturday, spokeswoman Christine Feldmann said,
“Information technology professionals are still working to permanently
remove the virus and the complicated process will likely take another
two weeks.”
She wrote, “Recognizing the severity of the situation, library
officials are hiring internet security experts to assist with
eradicating the virus and cleaning the network.”
County libraries first learned of the virus Oct. 4, Feldmann wrote. A
week later, “Officials discovered that a database of customers who
used library computers or the business services kiosk for copy, facing
(or) printing was exposed to the virus.”
The database includes library card numbers, customer names and
birthdays dating back to November 2015. Customers use their library
card to log into the public computers, but Feldmann said no other
personal information is kept by the database.
Customers who were told they might be affected are asked to think
about changing other account passwords if they used a library computer
or the business service kiosk.
“Along with many organizations, we’ve discovered vulnerabilities
through this breach and are taking comprehensive steps to prevent any
future incidents, library CEO Hampton “Skip” Auld said in a statement.
If you think you’ve been affected by the breach, visit
www.aacpl.net/consumer for additional resources.
More information about the BreachExchange
mailing list