Hackers steal credit card info from R.I. Web site

Rhode Island Web site

The story was first reported by The Providence Journal this morning and comes two days after state and local government officials released national surveys indicating they need more cybersecurity guidance and help in strengthening their systems.

The newspaper reported that the hackers boasted two weeks ago on a Russian-language Web site that they broke into http://www.RI.gov and stole credit card information for as many as 53,000 transactions.

State officials said the Rhode Island Web site was breached Dec. 28, 2005. The site is managed by New England Interactive, a subsidiary of NIC, an e-government company based in Overland Park, Kan., that manages 17 other state portals.

Renee Loring, a spokeswoman for RI.gov, confirmed that a server database was breached and encrypted credit card information was obtained. However, she did not say how much data was stolen. It was the first such incident at RI.gov and state officials were contacted Dec. 29, the day after the incident, she noted.

“Limited and encrypted credit card information for several thousand cardholders was obtained,” she wrote in an e-mail message to Federal Computer Week. “It’s important to note that RI.gov has been and continues to be in compliance with the Payment Card Industry’s Data Security Standards, so the portal does not retain complete credit card data.”

“The credit card companies own the relationships with their cardholders, and we are working closely with those financial institutions,” she added. “We are also encouraging citizens who have used a credit card at RI.gov to contact their credit card providers and request that their accounts be appropriately monitored for potential fraudulent activity.”

RI.gov is working closely with law enforcement officials to resolve the matter quickly, she noted. She added that they have conducted internal and external security audits with a third-party provider since the incident and are confident the site is secure.

Chris Neff, a spokesman at NIC, said the Rhode Island breach was an isolated incident, and the company has never had a security breach at any of the 18 portals it manages.

“RI.gov immediately discovered the incident in the course of its routine security procedures,” he wrote in an e-mail message to FCW. “Since then, the portal has closed the gap and has performed both internal and external audits with a private contractor to ensure that it maintains all appropriate security procedures. While we don’t comment on the specific security measures we use, I can tell you that we have worked closely with our other portal sites to ensure that every operation we support is secure.”

According to the newspaper story, the Russian Web site displayed images of how the hackers were breaking into the state portal. The final image shows “a list of 38 credit card accounts the hackers claim to have stolen,” the paper states. “Part of the screen is blocked by a black rectangle emblazoned ‘CENSORED’ in white letters in English. The rectangle covers part of the credit card number, but some digits are not hidden.”

The newspaper contacted two individuals whose names appeared on the list of stolen credit card accounts. Although they found no unauthorized charges on their accounts, they told the newspaper that state officials did not contact them, the newspaper reported. At least one individual was concerned enough to cancel his credit card, it states.

On Jan. 25, the National Association of State CIOs and Metropolitan Information Exchange released surveys on the cybersecurity environments in state and local governments. Representatives said they needed more leadership from the federal government to help them with strengthening networks, among other things.