[BreachExchange] Hackers in Md. breach accessed names, Social Security numbers of up to 78, 000 people

Mon Jul 8 23:41:03 EDT 2019

https://www.washingtonpost.com/local/md-politics/maryland-data-breach-accessed-up-to-78000-names-and-social-security-numbers/2019/07/05/a14c2760-9f41-11e9-85d6-5211733f92c7_story.html?noredirect=on&utm_term=.d28ec8db10ea

Hackers illegally accessed the names and Social Security numbers of as
many as 78,000 people whose information is housed in two older
Maryland state databases, officials announced Friday.

The breach happened in April and involved data collected from people
who received unemployment benefits in 2012 or who sought a general
equivalency diploma in 2009, 2010 or 2014.

State officials on Friday began notifying people affected by the hack,
after an investigation by state workers and an independent company
found no evidence any information was downloaded from state servers.

“It was just accessed,” said Fallon Pearre, a spokeswoman for the
Maryland Department of Labor.

She said that the state does not believe any of the information was misused.

The data had been stored either in an old unemployment insurance
database or a database used for an adult literacy program run by the
state labor department.

The scope of the breach was much smaller than other recent
cyberattacks in Maryland. In May, a ransomware attack crippled
Baltimore, suspending many government functions and costing the
cash-strapped city roughly $10 million.

In 2014, a breach exposed 300,000 personal records of students and
faculty and staff members at the University of Maryland.

The state was among 21 whose election systems were targeted by Russian
hackers in advance of the 2016 election.

And Bethesda-based Marriott International announced last fall that
hackers accessed travel records for to 500 million guests, one of the
largest data breaches in history.

For the most recent hack of state databases, Maryland officials said
the state will provide two years of free credit monitoring to people
whose information was vulnerable.Last month, Gov. Larry Hogan (R)
signed an executive order creating the state’s first chief information
security officer and a new office dedicated to bolstering the state’s
defenses.

The state investigation of the hack of the labor department had been
underway since April, but officials say the creation of the new
cybersecurity post was not related to any particular incident.