Qakbot Virus Causes Possible Data Breach at Mass. Agencies

An untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack. However, officials said they are unsure at this point whether any data was actual stolen, and if so, how much.

QakbotAn untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack. However, officials said they are unsure at this point whether any data was actual stolen, and if so, how much.

The attack, which the departments’ security team discovered in late April, may affect as many as 210,000 people, according to reports. State officials said that the compromise was the result of an infection by the Qakbot virus, a Trojan that is designed mainly to steal online banking credentials. The malware infected machines on the departments’ networks, as well as some stand-alone PCs at One Stop Career Centers.

“The [Executive Office of Labor and Workforce Development] learned yesterday that the computer virus (W32.QAKBOT) was not
remediated as originally believed and that the persistence of the virus
resulted in a data breach. Once it was discovered, the system was shut
down and the breach is no longer active. W32.QAKBOT may have impacted as many as 1500 computers housed in DUA and DCS including the computers at the One-Stop Career Centers,” the state said in a statement on Tuesday.

“There
is a possibility that as a result of the infection, the virus collected
confidential claimant or employer information. This information may
include names, Social Security Numbers, Employer Identification Numbers,
email addresses and residential or business addresses. It is possible
that bank information of employers was also transmitted through the
virus.”

The state discovered the virus infection on April 20 and began the process of removing it and cleaning up the infected machines. However, at some point the departments’ security team discovered that the Qakbot malware had not actually been removed, as they’d thought.

Massachusetts officials have notified the FBI and other agencies, including the state attorney general, of the breach. The state is advising people who believe they may have been affected by the data breach to contact the state at 1-877-232-6200.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.