Maine breaches

By JEFF INGLIS  |  September 1, 2010

When many Mainers think of "cybersecurity," they probably remember the 2008 HANNAFORD SECURITY BREACH, when 4.2 million credit- and debit-card numbers were stolen from shoppers at the grocery chain's stores.

What received little coverage amid the hype about the vastly overstated threat of identity theft (only 1800 accounts were actually used to make fraudulent charges — 0.04 percent of the stolen numbers) was that the breach was the first documented case of a new way of stealing this kind of information.

Previously, most security breaches resulting in theft of credit-card, bank-account, or even Social Security numbers had come from a single incident — either a physical theft of a computer or drive containing that information, or by connecting to a computer via the Internet and breaking through whatever security it might have in place. (This happened, for example, to THE UNIVERSITY OF MAINE HEALTHCARE CENTER'S COMPUTERS in June, when an unauthorized person accessed data on about 4600 students who had sought mental-health help at the university.)

But Hannaford's data was stolen over the course of several months, during transmission of the data from store cash registers to the system that the company used to verify card transactions. This process takes only seconds, as shoppers know, and became a target for thieves because protection had been beefed up on physical computers and their electronic defenses.

The fact that some credit-card information is not encrypted when traveling over private corporate networks remains an issue for retailers, banks, and credit-card companies to resolve. (When traveling over public networks, the data must be encrypted.) Also, the Hannaford hack was claimed by some to be an inside job — and there's little defense against data theft by a person who is allowed into a data center.

Most Mainers likely do not know that THE MAINE LEGISLATURE'S WEB SITE WAS HACKED just three months ago, resulting in some mild confusion about the lawmaking process. Specifically, the site's ability to designate the status of bills moving through the Legislature — including keeping users up-to-date on amendments and voting — was modified so that a user who clicked on various links would be taken to a Web site that would attempt to download viruses or other harmful software onto a user's computer.

State computer-support staff took the site offline entirely for several days while they fixed the security hole and reloaded correct information into the database. This went largely unnoticed because the Legislature was not in session at the time.

Related: News worth paying for?, Rhode Island’s birth control contretemps, FairPoint's struggles continue, More more >
  Topics: News Features , Internet, Technology, Maine,  More more >
| More

Most Popular
Share this entry with Delicious
  •   PORTLAND VS. HER PEOPLE  |  March 19, 2014
    This city, which all agree is lucky to have so many options, has leaders who do not behave as if they have any choice at all. To the frustration of the citzenry, the City Council and the Planning Board often run off with the first partner who asks for a dance.
    Two bills before the Maine legislature seek to pry lessons from the hard time FairPoint has had taking over the former Verizon landline operations in Maine since 2009.
  •   BEYOND POLITICS  |  March 06, 2014
    Today’s US media environment might well seem extremely gay-friendly.
  •   THE ONLINE CHEF  |  February 27, 2014
    It turns out that home-cooked scallops are crazy-easy, super-delicious, and far cheaper than if you get them when you’re dining out.
  •   RISE OF THE E-CURRENCIES  |  February 12, 2014
    Plus: Is Rhode Island ready for Bitcoin? Two perspectives

 See all articles by: JEFF INGLIS