At least 228,000 Social Security numbers were exposed in a March 30 breach involving a Medicaid server at the Utah Department of Health, according to officials from the Utah Department of Technology Services and Utah Department of Health, which theorized that attacks from Eastern Europe bypassed security controls because of configuration errors. In May, Utah CIO Steven Fletcher resigned because of it.
Other March snafus:
" The Vatican found its websites and internal email servers subject to a weeklong attack after the Anonymous collective said it was felt justified in this by the fact that the Vatican Radio System has powerful transmitters in the countryside outside Rome that allegedly constituted a health risk, including supposedly "leukemia and cancer," to people living in the vicinity. Another justification given were claims the Vatican allegedly helped the Nazis, destroyed books of historic value and that the clergy sexually molested children.
" Hackers in the LulzSec group associated with the broader Anonymous movement found the tables turned when they were arrested by the FBI and European law-enforcement agencies -- and it was LulzSec leader Hector Xavier Monsegur, alias "Sabu," who turned in his friends as part of a deal to work as a stooge for the FBI after being arrested in New York City last year.
" By the end of March, LulzSec claimed to be "reborn" and took credit for hacking a dating website for military personnel, MilitarySingles.com, leaking more than 160,000 account details from its database.
" Dutch police arrested a 17-year-old suspected of compromising the account data on hundreds of servers belonging to telecommunications operator KPN. The teenager, arrested in the Dutch town of Barendrecht, "made a confession," according to Dutch authorities. In the wake of the hacking spree, KPN said it would appoint a chief security officer and set up a permanent control center to monitor its systems.
" A flaw was discovered in Barclays contactless bank cards that could allow customers' data to be stolen and used fraudulently with them knowing about it, according to an investigation by ViaForensics in conjunction with Channel 4 News. But Barclays dismissed the claims as inaccurate.
" Security firms knew there was trouble when Kaspersky Lab identified code-signed Trojan malware dubbed Mediyes that had been signed with a digital certificate owned by Swiss firm Compavi AG and issued by Symantec. Symantec said it found out that the digital certificate's private key held by Compavi had indeed been stolen; whether by an insider or an outside attacker wasn't known.
" A security firm based in Slovakia, ESET, asserted a website operated by the country of Georgia has been used as part of a botnet to conduct cyber-espionage against that country's residents. But ESET researchers admitted they aren't sure whether the Win32/Georbot they have been monitoring is being directly operated by the Georgian government or by cyber-spies through a compromised Georgian agency.
Sign up for CIO Asia eNewsletters.