honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Saturday, March 6, 2010

2 state Web sites hacked


By Sean Hao
Advertiser Staff Writer

Hawaii news photo - The Honolulu Advertiser

Russ Saito

spacer spacer

The state has temporarily taken down two procurement-related Web sites following a security breach that exposed the user names and passwords of hundreds of state and county employees.

State Comptroller Russ Saito said the Web sites were hacked earlier this week by someone in Romania. No financial information was compromised and it does not appear that any other personal information was obtained, but both sites will remain offline until at least next week, Saito said.

"It looks like a hacker infiltrated the site and copied some of the user files," he said. "We don't think they've had time or have been able to do anything with the IDs or passwords.

"Because of the concern for security, we decided to take the site offline."

Thousands of visitors use the two Web sites run by the state Procurement Office and the Department of Human Services. Both sites are used to post notices of contract awards. The sites will be running again following security software upgrades and the issuance of new user names and passwords, Saito said.

The latest hacking follows an incident last year when someone using a computer in Russia vandalized a state Web site, Saito said. Neither security breach resulted in the disclosure of personal financial information, Saito said.

State agencies are required to disclose security breaches that result in the release of personal information under under Act 135 of 2006.

The most recent disclosure was in January at the Department of Health when a filing cabinet was lost during an office move. It's believed that the cabinet contained personal details of two people.

Last year, the financial aid records of more than 15,000 Kapi'olani Community College students may have been compromised by a virus that affected a computer with access to financial aid records of students from Jan. 1, 2004, to April 15, 2009.

And in late 2008, the Department of Land and Natural Resources inadvertently posted on its Web site scholarship letters and Social Security numbers for eight people.