IT worker disputes state government security breach

30.03.2006

But the Cain & Abel issue was just the tip of the iceberg, Oliver said.

Instead, a more pressing problem was the discovery early in February of suspicious Web traffic coming into the state's network that appeared to be from the SQL Slammer worm, Oliver said. For several months, as part of its security audit and improvement strategy, the state OIT had been trial testing a network intrusion-monitoring system from Cisco Systems Inc. The Cisco Security Monitoring, Analysis and Response System (MARS) appliance is designed to search for system anomalies, track them down and stop any threats. The MARS device was seeing indications of the worm attack, which was affecting many of the approximately 60 state servers running Microsoft SQL Server, he said.

The SQL Slammer worm attacks a software vulnerability that can allow unauthenticated remote attackers to execute arbitrary code on the server host, according to information from the U.S. Computer Emergency Readiness Team. Patches have been available from Microsoft since 2003 to repair the vulnerability.

Oliver said that when he and other IT workers discovered the Slammer issue as part of their security investigation, they realized SQL databases that contained credit card information could be vulnerable because those same SQL servers had not been patched. On Feb. 10, OIT workers began a large-scale software-patching routine on the SQL servers, he said.

On Feb. 15, the OIT announced security breach concerns involving Cain & Abel. Two days later, Oliver said he was told by his boss, state CIO Richard C. Bailey Jr., that he was being placed on administrative leave with pay. Oliver said he was told that the action was nondisciplinary and nonpunitive but was being done while an investigation took place.