Hacker Suspected Of Multistate Break-In SpreeHacker Suspected Of Multistate Break-In Spree

The hacker being investigated for stealing the personal identification information of 71,000 health-care workers certified in Indiana is suspected of breaching other state government sites.

A hacker broke into a server running shared applications on the Indiana state government Web site on Jan. 3, stealing the names, addresses, and Social Security numbers of the health-care aides who had been certified with the state, according to Chris Cotterill, director of the IN.gov Web site. The hacker also allegedly stole the credit card information of 5,600 people who had made transactions over the Web site.

The credit card information had been accidentally stored against state IT policy, said Cotterill in an interview.

"We don't normally retain credit card information," he said, adding that the financial data had been stored since April 2006. "If you come to our Web site to do a transaction, the information comes through for processing, but it's not retained for reasons like this. It was an internal error."

The Indiana Office of Technology issued an advisory that law enforcement agents notified executives there that charges are pending in the case, and that the U.S. Department of Justice believes the person who hacked into the Indiana government site is responsible for security breaches at other government sites in other states.

Attorneys for the Justice Department don't comment on ongoing investigations.

"While we are pleased to hear that a suspect has been identified and charges will be brought, we regret that other states have suffered from this same hacker," said Gerry Weaver, Indiana's CIO, in a written statement. "Regardless, this news does not distract us from our primary objective: ensuring the security of IN.gov."

The state informed the 5,600 credit card users in February that their information had been accessed, according to Cotterill, adding that the other 71,000 were notified last week.

Cotterill, who wouldn't say how the hacker got into the system, called the breach a "sophisticated" attack.

"It took a level of expertise we hadn't seen before," he said. "We have Web sites under attack every day, and our Web site has not suffered an attack like this before."