Massachusetts Unemployment Assistance And Career Centers Face Virus Attack

By Author: eccuni
Total Articles: 211
Comment this article

Computer systems and networks are susceptible to cyber-attacks. Cybercriminals may compromise systems by exploiting vulnerabilities in IT infrastructure, using social engineering techniques to trick users to follow their instructions to install malware or virus. Attackers may gain remote access to the affected computers, and issue arbitrary commands. Recently, Executive Office of Labor and Workforce Development (EOLWD) of Massachusetts issued alert for possible data breach incident at Department of Unemployment Assistance (DUA), Career Services (DCS) and One Stop Career Centers. Information security professionals detected that W32.QAKBOT virus had infected DUA, DCS networks, and individual computer systems at One Stop Career Centers, and initiated mitigating measures. While security professionals initiated mitigating measures, the virus was successful in compromising 1500 computers.

Information security professionals have temporarily shut down the affected servers to safeguard further proliferation of the virus. EOLWD reported the virus may have compromised information pertaining to 1200 employers. However, the exact ...
... number of affected individuals may vary on completion of investigation as attackers may have also accessed information related to unemployed claimants. The leaked information may include names, social security numbers, employer identification numbers, bank information, residential and business addresses, and e-mail addresses associated with the employers. EOLWD has notified the concerned state and federal agencies regarding the virus infection and possible data breach. EOLWD has warned that information pertaining to individuals or employers who conducted business with the affected departments from April 19 to May 13 is more likely at risk. Attackers may misuse extracted information for sending spam e-mails, carrying out spear phishing attacks, disseminating fake job offer letters, redirecting mails to different address, impersonating as a representative of a legitimate employer, and commit other forms of identity theft and fraud. Attackers may also use compromised computers to launch distributed denial-of-service attacks on a target resource. IT professionals must be encouraged to update their technical skills and stay abreast of latest developments in IT security through Online IT courses. The executive office has set up a hotline and is soon going to notify affected individuals regarding possible data breach.

Affected individuals must verify their bank statements and report any suspicious transactions to the relevant authorities. Usually, affected individuals become aware of identity theft or fraud on their accounts after a long time, when they receive communication from banks regarding delinquencies and defaults. They must request credit bureaus to place a fraud alert on their credit report to ensure banks and credit institutions contact them before opening any new accounts on their name.

Frequent data breach incidents have raised information security concerns. Negligence, lack of employee awareness, lack of regular security updates, software flaws, ignoring network security, treating IT security as a mere compliance measure are some of the major causes, which lead to security incidents. Lax security practices allow attackers to identify weaknesses in IT infrastructure, exploit vulnerabilities, and steal or manipulate files containing sensitive information. Professionals qualified in information security and IT degree programs may help in timely detection and mitigation of security vulnerabilities.

Employees must be trained on information security practices through e-learning programs, class-room training sessions. Organizations may collaborate with universities to hire employees qualified in online IT degree programs to ensure adherence to information security guidelines and best online computing practices.