R.I. government site hacked, credit card numbers stolen
State officials say they were told of the breach only last week
January 30, 2006 12:00 PM ETComputerworld -
Hackers broke into the official Rhode Island state government Web site, www.ri.gov late last month and stole 4,117 credit card numbers, according to New England Interactive Inc. (NEI), the company that manages the site. NEI is a subsidiary of Olathe, Kan.-based e-government provider NIC Inc.
"We discovered the breach on Dec. 28," said NIC spokesman Chris Neff. "It was due to an error in a line of software code that our local office in Rhode Island that manages the state's portal [NEI] had written. So we immediately closed that breach, fixed that error and initiated a deeper investigation, including a follow-up security scan of the entire site."
According to Neff, NEI at first thought that only eight credit cards had been compromised. "We immediately contacted the Rhode Island CIO and the Secret Service and the credit card-issuing companies to flag those accounts so they could be monitored for possible fraudulent activity," Neff said.
After further analysis, however, NEI discovered that 4,117 credit card numbers were actually involved. "At that point, we went through the notification process again with the Rhode Island CIO, Secret Service [and the] credit card companies," he said. "Now we're collaborating with the state, the credit card companies [and] the Secret Service working on several solutions. We're working toward contacting those card holders and working toward providing some additional services to them [like] credit monitoring and credit rehabilitation for people who were harmed ... as a result of this. And we're working with the state on the security – they've hired an external security firm, we have done the same, to assess the state's security measures and ensure that everything is up to par going forward."
According to a statement from NIC today, the stolen credit card numbers were used in transactions with government agencies between Dec. 31, 2004, and March 8, 2005. NIC recommended that anyone who used credit card information on the Rhode Island Web site contact their credit card companies and request that their accounts be monitored for fraudulent activity.
A check of the state site indicates that consumers can conduct a variety of transactions online using a credit card, including renewing fishing and boating licenses, obtaining driving records and renewing vehicle registrations that have been temporarily suspended.
NIC realized that more than eight credit cards might have been compromised last week, when it learned of information on a Russian-language Web site that appeared to discuss the hacking. NEI worked to cross-reference details on the Russian site against information it already had and on
Additional Resources



White Papers & Webcasts
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Security Pathways to Less Complexity
Find pathways to security solutions, possibly peace of mind about your information security.
Mitigate Risk, Lower Costs and Improve Network Efficiency
Create a stable IP network that not only meets today's challenges, but is flexible enough to also meet future demands.
