MONTGOMERY – Alabama Department of Homeland Security Director Spencer Collier on Thursday updated the public on a recent cyber intrusion within the Alabama Information Services Division (ISD) and outlined a plan of action to help those who may be affected.
After becoming suspicious of unusual activities, ISD employees self-detected that a firewall protecting the state’s IT system had been breached. ISD employees subsequently notified ALDHS. Immediately, the Alabama Department of Homeland Security contacted state and federal authorities to open a criminal case. Simultaneously, Director of ISD Jack Doane activated a computer emergency response team to confirm that an intrusion had taken place and to formulate a plan to respond.
As the investigation continued, authorities discovered that personal information was accessed during the attack. Certain information relating to a limited number of employees and vendors was compromised by the attacker. The information that was accessed may have contained personally identifiable information (PII) such as a name, social security numbers and taxpayer identification numbers. No taxpayer records or returns were compromised.
As the Director of Homeland Security and Senior Law Enforcement Advisor, Director Collier immediately began working with our state and federal partners to open a criminal investigation and assess the potential compromise of any sensitive information. After reviewing the case, authorities believe, but cannot be certain, that the attack was perpetuated by a certain entity that does not have a history of malicious activity regarding PII.
According to Director Collier, “When we discovered the intrusion, we took immediate action. We activated a criminal investigation and worked with renowned IT experts to begin the processes of remediation of damages. At that time, we had not discovered where any personally-identifiable information had been compromised. However, we promised the people of Alabama that if we discovered that any information was accessed, we would notify them as soon as possible. I can assure you that the authorities involved in this investigation have made it their mission to protect the people, and notifications are now taking place.”
“We will help anyone affected by connecting them with credit monitoring services,” Director Collier added. “Additional security measures are also in place with the goal of preventing future breaches. Our investigation will continue, and we are doing everything within our power to address this issue and help the people who are affected.”
To further protect identity, the state is providing a one-year service from a leading identity theft service company to those whose PII may have been compromised. This service helps detect misuse of personal information and provides identity protection services.
According to Jack Doane, “The State of Alabama ISD responded to the attack on January 16, 2013, by reviewing and preserving log data and by changing passwords on all administrator accounts. ISD increased its perimeter defense and shut down all external access into the state network. Additional logging and log correlation was put in place to assist in the investigation and remediation plans.”
Any further release of information pertaining to the scope of the intrusion or the response measures used to remediate the vulnerabilities could negatively influence the investigation.
“State and federal authorities are still investigating, and further discussion of sensitive information could possibly jeopardize the process,” Director Collier reiterated.