Wow! This one is going to be huge!
The State of Utah wasn’t “minding the store” and hackers broke into a server and stole the Social Security Numbers of some 280,000 Utahans. They also made off with the less sensitive information (e.g. names & birth date, etc.) of another 500,000 people.
I have been reading more and more lately about the threat of cyber war and how the US is drastically unprepared to defend itself in cyberspace. The article above indicates that they traced the hackers as far as eastern Europe suggesting it has an international flavor. Though Europe may not necessarily be the launching point for the attack there is certainly a nexus of hacking activity originating from the region. One could imagine that perpetrators are linked to organized crime and maybe even backed by a foreign government. It will be interesting to see how this one plays out given that it was aimed at a State agency and the FBI is now involved.
I’m afraid that it will be very difficult for the average person to defend themselves against the types of attacks that may be coming in future cyber war conflicts. The good news is that most of the time people go after the lowest hanging fruit. That means that if you’re smart and take some basic steps there’s a good chance they will move on to easier targets. See our Check List for a quick overview of things you can do to help raise the bar.
Updated May 18, 2012
More than a month later and this hack and the resulting political fall out is still big news here in Utah. My friend Kristen Stewart and others at the Salt Lake Tribune have written a series of articles help people understand what happened and what it means to their private data. I encourage you to read them so that you know what is happening and how your data may have been impacted.
Even if you don’t have time to read all these articles you’ll want to at least go here:
and find out if your data was compromised.
Updated June 17, 2012
Yesterday we learn that a University of Utah Health Law Professor investigates breach and argues that sharing information without notifying patients violates HIPPA law.