WBUR

Data Breach Infects Mass. Unemployment Office

An estimated 225,000 Massachusetts residents could become fraud victims as a result of a computer data breach in the state unemployment system. State labor officials have disclosed that a computer virus compromised their computer system, and that’s making some unemployment recipients vulnerable.

On April 20, one person at one computer in the state system visited an infected website. A virus, called the QAKBOT virus, spread from there to other computers on the network.

Since then, a new mutated variation of a computer virus infected the Labor Department’s network. When the department discovered the breach, they put up a firewall to try to keep it from sending out information, according to state Labor Secretary Joanne Goldstein.

“As soon as we were aware that the virus had struck, we took every action we could … to remediate it,” Goldstein said. “Unfortunately the virus took some different paths. And once we became aware that one of those paths exported information, we took even further action.”

Potentially anyone in the state employment system — including the 210,000 people currently receiving jobless benefits and the state employees who’ve used career center computers — is at risk of having their address, phone number, Social Security number or password stolen.

State officials are recommending that anyone who could be affected institute a fraud alert on their credit.
The state has set up a toll-free hotline for more information, at 877-232-6200. For more information about instituting a credit freeze, visit the Labor and Workforce Development website.

  • TechBoy

    OK…let me make sure I have this straight…

    Goldstein indicates that “it’s not anyone’s fault”…I have a hard time with that synopsis.  From my perspective, this is pretty clear…Goldstein is tasked with overseeing ALL aspects of the organization…I assume the Labor and Workforce Development has some IT staff…and they probably use contractors/consultants for certain aspects of the technology that they cannot handle internally due to the lack of expertise…that’s probably why the “consultant” was referenced in this case…

    If the computer systems and network were not properly protected from visiting a web site with malicious content, then EVERYONE is at fault…the consultant who failed to adequately assess the situation…the IT staff who should have ensured that the systems were protected either via internal or external resources, and Goldstein who is responsible for the operations of the entity.

    It’s time people in state government start taking responsibility for their actions, or lack thereof.  If Sony is at fault for its lack of oversight and planning, then Goldstein and her organization are at fault for their ineptitude as well!!

    • howee

      It’s been three months since I have been waiting on my unemployment checks that I have yet to receive while my rent couldn’t have been paid, when I had no money for food, I could have been homeless if it wasn’t for my savings but now you’re telling me my personal information could have been used. I smell a lawsuit.

  • UnemployedTechie

    Are you kidding me?  It is not anyone’s fault?  Let me get this straight.  A virus penetrated your systems because of someone’s careless mistake.  Now hundreds of thousands of people, including myself, have to do a credit freeze and Goldstein is saying “Brownie, you’re doing a heck of a job”?

    Here are some of the things that went wrong:
    - inadequate virus protection
    - inadequate firewall/proxy protection
    - inadequate server isolation
    - inadequate employee training
    - inappropriate use of government resources (the infected website is probably non-work related)
    - lack of accountability

    If no one is willing to take responsibility, then Goldstein needs to accept the blame.  That’s how it works!  Don’t go around telling me it’s no one’s fault.

    Since I’m unemployed, hire me as a consultant or as a manager to oversee network security or IT operations.  At least if I screw up, I’ll own up to it.

  • annetstone

    Will Goldstein’s budget be paying for the fraud alert and identity theft protection services for the thousands affected, who obviously are in the worst position to add another cost to their budget?
    Symantec would NOT be my first choice for enterprise virus protection. Eset!!!!!!!! one of your sponsors is what I have on my computer. Going to be checking if Eset has the Qakbot covered.

  • Graff

    The data breach likely began at a networked computer terminal in a One Stop Career Center. The computer terminals are open to the public and to be used by job seekers for employment resources. They are staffed, and sites are blocked but staff cannot monitor everyone’s actions all the time. They are available to assist job seekers with resumes, and other job search activity. In terms of the state’s capacity, this is a great example of getting what one pays for. We want cheap government, bargain basement prices for services, and that often means sacrificing quality. We do not know that the IT staff didn’t recommend another antivirus product but were constrained by budgets or other State restrictions.

  • http://twitter.com/CurtNickisch Curt Nickisch

     Folks, Goldstein and her CIO told me that the virus definitions at DCA and DUA were up to date, but that the first infected computer got a new variation of the virus that the virus definitions did not protect against.  When they discovered it, they tried to eradicate it and they adjusted their firewall to block all ports that this virus has been known to use.  But they said it mutated and started using new ports to get data past the firewall.

  • http://www.facebook.com/ajvsell Adam Sell

     Was any data *lost* as a result of the breach?

  • http://twitter.com/CurtNickisch Curt Nickisch

     Yes, but they don’t know exactly what or how much.  You’re apparently more likely to be affected if you made changes to your unemployment system in the last few weeks.  That means your record was accessed, making it more likely to be exposed.  But you can’t know if an employee looked up your record for whatever reason, so practically all 210,000 people currently getting jobless benefits are at risk.

  • http://profiles.google.com/fliegs Larry Fliegelman

     Is there any information about what to do about this? Should those in the system change passwords or take any other actions?

  • http://twitter.com/CurtNickisch Curt Nickisch

     Larry, there’s a toll-free hotline above, but definitely check out the interview we did on this topic this morning.

    http://www.wbur.org/2011/05/18/labor-secretary
