The W32.QAKBOT virus infected 1,500 computers at the state’s Departments of Unemployment Assistance and Career Services and may have stolen names, social security numbers, employer IDs, email addresses, and physical addresses of unemployed individuals and businesses, the office said in a news release.
While the office did not provide the overall number of those affected by the data breach, the Boston Globe reported that up to 210,000 individuals may have been impacted.
The infection was discovered on April 20, but the data breach was not announced until May 17. The office explained that, once it discovered the virus, it worked with Symantec to eliminate it, but did not realize the remediation effort had failed and that a data breach had resulted until May 16. A state law requires organizations to report a data breach “as soon as practicable and without unreasonable delay’’ to the attorney general’s office, the newspaper noted.
“We are in the process of individually notifying all residents whom we think could be impacted and have advised all relevant and necessary state and federal agencies of the situation. We are doing everything possible to provide assistance in how to protect their identities and credit to those affected", said Joanne F. Goldstein, secretary of labor and workforce development.
“Unfortunately, like many government and non-government organizations we were targeted by criminal hackers who penetrated our system with a new strain of a virus. All steps possible are being taken to avoid any future recurrence", she added.
Goldstein advised potential victims of the data breach to put a credit freeze or a security alert on their credit reports.