Tuesday, 4 March 2014

Detroit employees' personal information may be at risk in computer security breach

About 1,700 current and former Detroit firefighters and emergency medical technicians will be offered free credit report monitoring and identity theft insurance after city officials discovered a security breach on a computer at city hall involving files with personal information about the employees and retirees.
The city’s new information technology chief, Beth Niblock, said today that it appeared a city employee clicked on a malware — or malicious software — link in an e-mail that released a code that froze access to numerous files. Two of the files included information such as the names, dates of birth and Social Security numbers for the current and former employees, but it did not appear that the malicious code accessed information that was in the files.
“We’re notifying the affected employees by letter,” Niblock said at a news conference today. “We take the security of our employees’ and former employees’ information seriously.”
The city’s top lawyer, Melvin (Butch) Hollowell, said it appeared that the malware originated from somewhere overseas, and that the city has notified authorities about the breach.
Niblock, now in her second week on the job as Mayor Mike Duggan’s IT leader, said such malware is commonly sent to corporate, government and personal e-mail accounts, often in an attempt to get e-mail users to provide personal information that can be used to access credit cards, bank accounts and the like.
Some malware programs freeze access to files and then demand payment before access is restored, but there was no such demand in this breach, Hollowell said.
Niblock is expected to oversee a transformation of Detroit’s antiquated computer technology systems as the city prepares to spend $150 million over the next decade to upgrade its IT networks under a bankruptcy plan proposed by emergency manager Kevyn Orr. But even the best computer systems are vulnerable to malware attacks, and the city is looking into additional training on computer security for city workers, she said.

No comments:

Post a Comment