State reassures on data breach

Says computer virus is contained

By D.C. Denison
Globe Staff / May 19, 2011

The Massachusetts labor department is “very confident” the virus that compromised the personal information of up to 210,000 unemployed residents will not spread to other computer networks run by the state.

“Our network is segmented and separated from the rest of the Commonwealth’s networks,” John Glennon, chief information officer for the Executive Office of Labor and Workforce Development, said yesterday. “There’s no chance that the virus will spread.”

The assurances came as Labor and Workforce Development technicians worked to remove the last traces of the stubborn Qakbot virus from 1,500 computers that could be affected.

On Tuesday, officials revealed the virus had been detected in a department computer on April 20 and may have stolen names, Social Security numbers, and other information about recipients of unemployment benefits. Such information can be used by data thieves to steal identities and access personal financial accounts.

Yesterday, officials were fielding numerous calls from residents who have accessed the network in the past few months and are worried about the safety of their data.

“Our priorities now are totally eradicating the virus and helping claimants protect their personal and financial information,” said Joanne F. Goldstein, secretary of labor and workforce development.

Goldstein said her office is preparing a mailing to the more than 200,000 people who are currently using the agency’s computer network — alerting them to the danger and telling them how to protect their information.

The Qakbot virus lets an attacker steal data by capturing information that is typed on keyboards. It then sends the information — in this case names, addresses, phone numbers, and Social Security numbers — to the thieves.

The labor department computers could have been infected by a thumb drive or a website that was unwittingly accessed by anyone using one of the agency’s One Stop Career Centers, including a department employee.

Once such a virus is launched, it can spread quickly and infect other connected machines.

“I can totally relate to the problem that the state has had in dealing with this virus,” said Roel Schouwenberg, an antivirus researcher at Kaspersky Lab, a Woburn computer security firm. “It is extremely aggressive and persistent. It’s notorious as a very successful network worm.”

What makes it difficult to eradicate, Schouwenberg said, is that it can make itself harder to detect.

Goldstein said people who have recently accessed the network should monitor their credit reports on one or all of the major reporting agencies: TransUnion, Equifax, and Experian.

She also urged individuals who accessed the network between April 19 and May 13 to put a fraud alert (also called a credit freeze) on their credit reports so that no credit can be approved without the express consent of the individual.

Each credit reporting agency must provide a free report every 12 months. A freeze can cost up to $5, unless the request comes from a victim of identity theft who presents a police report.

The labor department has posted information for people who may be affected by the breach at

It has also set up a hotline at 1-877-232-6200.

D.C. Denison can be reached at