More than 25 servers and encrypted networking appliances were compromised in the January hack, a cybersecurity firm determined. Pictured, the Assembly chamber in Albany, N.Y.
Photo: Mike Groll/Associated PressALBANY, N.Y.—Hackers compromised the computer network serving New York’s state government in late January, officials said Monday, prompting the state to hire an outside firm and change thousands of employee passwords.
The state’s Office of Information Technology Services discovered the breach on Jan. 28. Hackers built tunnels into several servers that are used to transmit encrypted information, officials said. In mid-February, the state brought in CrowdStrike, a cybersecurity firm, to assess the scope of the intrusion, the officials said.
Richard Azzopardi, a senior adviser to Gov. Andrew Cuomo, said Monday there is “no evidence that personal data of any New York resident, employee, or any other individuals were compromised or have been taken from our network.”
The computer-network hack hadn’t been previously reported, and was confirmed by the state after The Wall Street Journal inquired about it.
Mr. Azzopardi said the state was working with the Federal Bureau of Investigation to determine the hackers’ identities. Two people familiar with the matter said they believed the perpetrator was a foreign actor.
Mr. Azzopardi declined to comment further. A spokeswoman for the FBI in Albany declined to comment. A CrowdStrike representative said it was company policy not to discuss who its clients are.
The state manages a large amount of sensitive data, from motor-vehicle records to tax returns to payroll information for more than 250,000 employees of state agencies and public universities. Starting in 2012, Mr. Cuomo centralized the IT professionals from various agencies into a single office and consolidated 53 data centers into two facilities located on a university campus in Albany.
The website for ITS says the agency processes 50 million transactions a day and manages 14 million citizen accounts, which people create to file their taxes or renew vehicle registrations.
All that data is now part of the state-managed cloud environment called the Excelsior Cloud, officials say. Justin Herring, who leads the cybersecurity division of the state’s Department of Financial Services, said there are more than 10,000 virtual servers supporting the operations of state agencies that allow users to access certain segments of that data.
The CrowdStrike review identified more than 25 servers and encrypted networking appliances that were compromised in the January hack. They were used by the New York State Police as well as the state’s departments of Civil Service and Environmental Conservation. There is no evidence any encrypted data was taken, Mr. Herring said.
ITS brought in CrowdStrike on Feb. 19 after the state agency found a previously unknown back door three weeks into its own review.
The hack prompted the state to install additional security software and reset thousands of passwords at the affected agencies, Mr. Herring said. A spokeswoman for the state comptroller’s office, which manages payroll for state employees, said last week that it had recently taken measures to increase security.
Governments are constantly being targeted in cyberattacks ranging from routine to highly sophisticated, by criminal groups and foreign adversaries. Deborah Snyder, who until this year was the state’s chief information security officer, said at an industry conference in 2018 that employees were ever vigilant for potential incursions.
“They’re as common as peanut butter, and they’re just as messy when they happen,” Ms. Snyder said.
Write to Jimmy Vielkind at Jimmy.Vielkind@wsj.com
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
"network" - Google News
April 14, 2020 at 05:40AM
https://ift.tt/3b6qRUD
New York Investigating Hack of State’s Computer Network - The Wall Street Journal
"network" - Google News
https://ift.tt/2v9ojEM
Shoes Man Tutorial
Pos News Update
Meme Update
Korean Entertainment News
Japan News Update
No comments:
Post a Comment