PROVIDENCE -- Thousands of credit card numbers were stolen from a state government website that allows residents to register their cars and buy state permits, authorities said Friday.
The private company that runs RI.gov told the state this week that 4,118 credit card numbers probably were taken, a state official said. All online transactions were suspended Friday until any security problems could be fixed, and the state planned to notify cardholders of the breach, said Beverly Najarian, director of the Department of Administration.
No fraudulent purchases had been reported, Najarian said.
New England Interactive, the company that runs the website, said using the stolen information to make a fraudulent purchase would be difficult. The site's system records only partial credit card numbers, spokeswoman Renee Loring said.
The breach on Dec. 28 was detected during a routine security audit and reported to the state government the following day, Loring said. At the time, the company believed eight credit cardholders were affected, she said.
But soon after, an outside security firm discovered a website in Russian listing the names and partial credit card numbers of several residents, Najarian said. The site, purportedly written by a university student, said he found Rhode Island's website and hacked into it. The posting details how he was able to hack the site.
The purported hacker said he obtained 53,000 credit card numbers.
Loring said the total was much smaller, but would not put an exact number on the amount, estimating it was in the thousands. She said she did not know when New England Interactive realized that breach was greater than first believed.
Steven O'Donnell, spokesman for the Rhode Island State Police, said a computer crimes team was investigating the case.
New England Interactive tightened security, Loring said, but she declined to describe the measures. She said the website is ''absolutely safe" and the intrusion was reported to financial institutions.
The state did not tell consumers about the breach in December because the hacking appeared limited, Najarian said.
Jeff Neal, a spokesman for Governor Don Carcieri, said New England Interactive's contract to run the state's website expires this summer and the governor's office plans a review before deciding whether to extend it.
New England Interactive also manages websites for state governments in other states, Loring said. On Friday morning, it listed Maine, New Hampshire, and Vermont as clients.
Loring said its other state websites were not affected.
Erin Hutchins, who manages the Maine government's site, said there have been no reports of hacking. Liza Poinier, New Hampshire Fish and Game Department spokeswoman, said New England Interactive hasn't handled the transactions on its website for about 18 months.
Officials at Vermont's Department of Information and Innovation did not immediately return a call for comment.