New York State Confirms Breach of Government Network
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.
New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States.
On Jan. 28, 2020, New York's Office of Information Technology Services (ITS) discovered an intrusion into state government networks, The Wall Street Journal reports. Attackers had built tunnels into multiple servers used to transmit encrypted information. Richard Azzopardi, senior adviser to Governor Andew Cuomo, says there is no evidence to indicate personal data belonging to New York residents or state employees was stolen or compromised in the attack.
The breach was not previously reported but was confirmed by the state when the WSJ inquired. Officials say New York hired security firm CrowdStrike in mid-February "to assess the scope of the situation." ITS hired a third party when, a few weeks into its internal investigation, it discovered a previously unknown backdoor. New York is working with the FBI to learn the hackers' identities; sources familiar with the case think a foreign attacker is responsible.
CrowdStrike's review found "more than 25 servers and encrypted networking appliances" compromised in the attack. These assets were used by several government groups, including the New York State Police and the departments of Civil Service and Environmental Conservation.
The incident led New York to implement additional security tools and reset thousands of employee passwords at state agencies.
Read more details here.
A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024