A cybersecurity attack threatened the State of Alabama’s computing network in December, prompting the Office of Information Technology to issue a warning for state workers to change passwords and to monitor workflow more carefully because fraudulent invoices and purchase orders were being sent to the Department of Finance and internal agencies’ accounts payable.
According to the memorandum obtained by APR, “On Tuesday, December 17, 2018, the Office of Information Technology discovered an active cyber security event in the State’s cloud environment.” To counter the security breach, OIT recommended that every state employees—some 40 thousand individuals—change their passwords “immediately,” adding “it would be prudent to change any personal passwords that have been in use for more than 6 months.”
While stating, “the bad actors have been identified by IP address and blocked where possible,” OIT cautioned that agencies should, “Limit data that appears on public-facing websites.” Have set workflows and checks in place for making payments to vendors and further alerted agencies too, “monitor accounts closely.”
OIT says it believes the fraudulent invoices and purchase orders were, “generated from information gathered from the internet and other public sources.”
No additional information was provided on how many agencies were affected by the security breach, but OIT Chief Security Officer Ryan Allen said no sensitive data was compromised.
”The State of Alabama defends against millions of attacks every week,” Allen said last month. “Earlier this week we detected multiple threats against state cloud email accounts. We recommended all users change their passwords out of an abundance of caution. Fraudulent invoice scams are common amongst all business and several agencies reported them this week, prompting us to include a warning along with the recommendation to change passwords.”
OIT has been plagued by internal strife, lavish spending and scant oversight since its inception under disgraced former Gov. Robert Bentley.
The Gov. Kay Ivey administration early on moved to rein in the department with significant management changes. However, many who work at OIT claim massive incompetence still bedevils the department.