Cybersecurity contractor's network hacked
A large U.S. government contractor specializing in providing cybersecurity and privacy services, has warned its employees their personal information may have been stolen after hackers planted a virus on its computer network
Here is a case of “Physician, heal thyself” (Luke 4:23): SRA International, a government contractor that provides cybersecurity and privacy services, has warned its employees their personal information may have been stolen after hackers planted a virus on its computer network. The malware was installed on the same network that stored employees’ personal data including names, addresses, dates of birth, health information, and social security numbers, according to a letter (PDF) filed with Maryland’s Office of Attorney General. Information might also include personal employee details included in security position questionnaires.
Dan Goodin writes that company investigators do not know whether the information has been intercepted, but decided it was appropriate to warn employees of the possibility, the letter said. The company has offered the services of a credit monitoring company to mitigate the chances of identity theft. The breach was reported earlier by IDG News.
The letter did not say how the virus made its way into a presumably secure network. “We have shared our findings with our anti-virus vendor and they have updated their virus definitions to detect the virus files we identified,” the letter stated. “While we have no specific information, we believe that the security issue may affect more than just SRA.” The letter went on to admonish employees that news of the breach “is company proprietary and should not be discussed externally.”
SRA had close to 6,500 employees as of 30 June, according to the company’s annual shareholder report (PDF). The same document went on to praise its computer security savvy. “In 2008, SRA strengthened its information assurance practice in identifying data risks and preventing security breaches by fully integrating its leading cyber security analytics, forensics, information operations, network exploitation, privacy and identity management capabilities,” it said.