US state gov't site hacked, credit card numbers stolen

30.01.2006
Hackers broke into the official Rhode Island state government Web site, www.ri.gov late last month and stole 4,117 credit card numbers, according to New England Interactive Inc. (NEI), the company that manages the site. NEI is a subsidiary of Olathe, Kan.-based e-government provider NIC Inc.

"We discovered the breach on Dec. 28," said NIC spokesman Chris Neff. "It was due to an error in a line of software code that our local office in Rhode Island that manages the state's portal [NEI] had written. So we immediately closed that breach, fixed that error and initiated a deeper investigation, including a follow-up security scan of the entire site."

According to Neff, NEI at first thought that only eight credit cards had been compromised. "We immediately contacted the Rhode Island CIO and the Secret Service and the credit card-issuing companies to flag those accounts so they could be monitored for possible fraudulent activity," Neff said.

After further analysis, however, NEI discovered that 4,117 credit card numbers were actually involved. "At that point, we went through the notification process again with the Rhode Island CIO, Secret Service [and the] credit card companies," he said. "Now we're collaborating with the state, the credit card companies [and] the Secret Service working on several solutions. We're working toward contacting those card holders and working toward providing some additional services to them [like] credit monitoring and credit rehabilitation for people who were harmed ... as a result of this. And we're working with the state on the security -- they've hired an external security firm, we have done the same, to assess the state's security measures and ensure that everything is up to par going forward."

According to a statement from NIC Monday, the stolen credit card numbers were used in transactions with government agencies between Dec. 31, 2004, and March 8, 2005. NIC recommended that anyone who used credit card information on the Rhode Island Web site contact their credit card companies and request that their accounts be monitored for fraudulent activity.

A check of the state site indicates that consumers can conduct a variety of transactions online using a credit card, including renewing fishing and boating licenses, obtaining driving records and renewing vehicle registrations that have been temporarily suspended.