Credit Card Numbers Reported Stolen from R.I. Government Web Site

January 29, 2006

Thousands of credit card numbers were stolen from a state government Web site that allows residents to register their cars and buy state permits, authorities said Friday.

The private company that runs told the state that 4,118 credit card numbers had probably been taken, a state official said. All online transactions were suspended Friday until any possible security problems could be fixed, and the state planned to notify cardholders of the breach, said Beverly Najarian, director of the Department of Administration.

No fraudulent purchases had been reported so far, Najarian said.

New England Interactive, the company that runs the Web site, said using the stolen information to make a fraudulent purchase would be difficult. The site’s system only records partial credit card numbers, spokeswoman Renee Loring said.

The breach on Dec. 28 was detected during a routine security audit and reported to the state government the following day, Loring said. At the time, the company believed only eight credit cardholders were affected, she said.

But soon after, an outside security firm discovered a Web site in Russian listing the names and partial credit card numbers of several residents, Najarian said. The site, purportedly written by a university student, claimed he overslept class, found Rhode Island’s Web site and hacked into it. The posting details how he was able to hack the site.

The purported hacker said he obtained 53,000 credit card numbers.

Loring said the total was much smaller, but would not put an exact number on the amount, estimating it was in the thousands. She said she did not know when NEI realized that breach was greater than first believed.

Steven O’Donnell, spokesman for the Rhode Island State Police, said a computer crimes team was investigating the case.

NEI tightened security, Loring said, although she declined to describe the measures. She said the Web site is “absolutely safe” and the intrusion was reported to financial institutions.

The state did not tell consumers about the breach in December because the hacking appeared limited, Najarian said.

Jeff Neal, a spokesman for Gov. Don Carcieri, said NEI’s contract to run the state’s Web site expires this summer and the governor’s office plans a review before deciding whether to extend it.

NEI also manages Web sites for state governments in other states, Loring said. It listed Maine, New Hampshire and Vermont as clients.

Loring said its other state Web sites were not affected.

Erin Hutchins, who manages the Maine government’s site, said there have been no reports of hacking. New Hampshire Fish and Game Department spokeswoman Liza Poinier said New England Interactive hasn’t handled the transactions on its Web site for about 18 months.

Officials at Vermont’s Department of Information and Innovation did not immediately return a call for comment.

The Rhode Island Web site allows residents to complete dozens of transactions online.

Topics Cyber Fraud Training Development

Was this article valuable?

Here are more articles you may enjoy.