Data Breach Infects Mass. Unemployment Office

Roughly 225,000 people in Massachusetts could become fraud victims, after a data breach at the state’s unemployment computer system. Massachusetts residents receiving jobless benefits and those who have used a state career center computer in the past month are at risk. About 1,200 state employees are also affected.

The computer system designed to help unemployed workers get benefits and get back to work is believed to have been infected first on April 20, when someone on the system visited a website with malicious code. The Qakbot virus, as it’s called, spread from there.

The virus affected "a total of 1,500 computers throughout the enterprise and the network," said John Glennon, the labor department’s chief information officer.

The Qakbot virus spread to computers in the Division of Unemployment Assistance, as well as terminals at many of the state’s One-Stop Career Centers. At first the agency worked with state experts and a consultant to eradicate the virus and close down its channels to the outside. But Glennon said the virus mutated without state officials realizing.

On May 13, Glennon and his team found files showing the virus had been storing personal data. Now, they’re again cleaning the computers one by one, Glennon said.

That it has taken almost a month to fully discover the extent of the Qakbot virus attack doesn’t surprise Roel Schouwenberg, an anti-virus researcher at the Woburn computer security firm Kaspersky Labs.

"These days, whenever I hear of a big corporate infection that’s very hard to get rid of, and people are struggling, I immediately think of Qakbot," Schouwenberg said.

Schouwenberg said Qakbot is especially aggressive. The virus normally targets online banking. If you log onto your bank account from an infected computer, it can find out your account password.

However, whoever is controlling the virus from afar can change its target. Schouwenberg said if they realized it had infected a state computer network with names, addresses and Social Security numbers, the virus could be told to go after that information.

More: