Story on NAPHSIS Breach – Disappears!

by on April 1, 2007 · 6 comments

Early this morning, I came across an AP story about a breach of the NAPHSIS EVVE system. At this point, it looks like it has been taken down and I can’t find it anywhere on the Web – I could imagine national security folks wanting to contain the PR damage. I’ll reproduce it below from my cache. If anyone can find it on the Web – especially an update – please let me know in the comments.

I think the implication of this are huge. Beyond billions in welfare fraud going to whatever criminal organization might have placed this software, we have a security hole a mile wide in the passport issuance system, social security cards, and drivers’ licenses. Good thing this has been caught now. Imagine if REAL ID were in place and we were relying on this system for ID security.

Vital Events Database Hacked,
Billions in Benefits, Passport Security at Stake

By TAMMY McCLURE
The Associated Press
Sunday, April 1, 2007; 2:49 AM

NEW YORK — The National Association for Public Health
Statistics and Information Systems (NAPHSIS) warned late Saturday that a key data
system it maintains has been hacked.  

 

Billions in benefits may have been distributed by federal
and state agencies relying on the system.  The security breach may have allowed
terrorists and criminal organizations to wrongly acquire driver’s licenses, U.S. passports, and Social Security cards. 

 

“From the moment we discovered the attack, we began
notifying our users of the problem and we have taken every step we can to
address it,” said Garland Land, Executive Director of NAPHSIS in a written
statement.  “We will continue to keep benefits agencies, the State Department,
and the Secret Service apprised of the situation.”

 

Officials from the government agencies involved did not
return calls over the weekend.  Many rely on the Electronic Verification of
Vital Events system for proof of age, proof of citizenship, identification for
employment purposes, to issue benefits or other documents, and to assist in
determining eligibility for public programs or benefits.

 

“This is a frightening illustration that when centralized data
systems are compromised, it can have cascading effects,” said Jamie Caliper at
data security expert PGP. “Depending on the nature and scope of the hack, there
could be thousands of falsely issued documents, and billions in benefits
distributed based on fraud.”

 

Other than a written statement released late Friday, NAPHSIS
officials have refused comment.  The employee of a vendor revealed the breach
to the Associated Press Friday, saying that unauthorized software had been
operating within the NAPHSIS vital events system for an indeterminate length of
time.  This follows the revelation last week of a similar occurrence leading to
the breach of more than 45 million credit and debit cards.

 

© 2007 The
Associated Press

  • http://www.davidmcelroy.org/ David McElroy

    I’m not sure if this is a fairly obscure April fool’s joke or not, but it’s not a real AP story. A real AP story wouldn’t have two spaces between each sentence. That’s not how typeset copy is done but is a holdover from the days when typing was taught with the assumption that type was monospace (as on old-fashioned typewriters). In addition, an AP writer almost certainly wouldn’t have made the statements in the second graf without some form of attribution (since this is a hard-news story instead of an analysis). There’s also at least one minor punctuation error in a quote, but AP copyediting has gotten so bad that that part COULD be legit. :)

  • http://www.davidmcelroy.org/ David McElroy

    I’m not sure if this is a fairly obscure April fool’s joke or not, but it’s not a real AP story. A real AP story wouldn’t have two spaces between each sentence. That’s not how typeset copy is done but is a holdover from the days when typing was taught with the assumption that type was monospace (as on old-fashioned typewriters). In addition, an AP writer almost certainly wouldn’t have made the statements in the second graf without some form of attribution (since this is a hard-news story instead of an analysis). There’s also at least one minor punctuation error in a quote, but AP copyediting has gotten so bad that that part COULD be legit. :)

  • http://www.blogger.com/profile/14019452 Steve R.

    Whether the above NAPHSIS story was true or not, the
    Washington Post reported on March 30, 2007 that “At least 45.7 million credit and debit card numbers from customers in the United States, Britain and Canada were stolen over a period of several years from the computers of TJX, the discount retail giant disclosed in a regulatory filing this week.” … “The computer breach is significant not only because of its scope but also because the hacker or hackers had access to the decryption tool used to decipher sensitive encrypted information and an ability to intercept data as shoppers’ credit transactions were being approved.” Seems that private industry also needs to work a bit on improving their security.

  • http://www.blogger.com/profile/14019452 Steve R.

    Whether the above NAPHSIS story was true or not, the
    Washington Post reported on March 30, 2007 that “At least 45.7 million credit and debit card numbers from customers in the United States, Britain and Canada were stolen over a period of several years from the computers of TJX, the discount retail giant disclosed in a regulatory filing this week.” … “The computer breach is significant not only because of its scope but also because the hacker or hackers had access to the decryption tool used to decipher sensitive encrypted information and an ability to intercept data as shoppers’ credit transactions were being approved.” Seems that private industry also needs to work a bit on improving their security.

  • Jack J

    This is not a real AP story. There is nothing in it related to Global Warming, the Ozone hole, Greenhouse Gases or endangered plants/animals. Also, there isn’t anything in the story about how this is president Bush’s fault. All real AP stories contain at least one of the above subjects, usually in the next to last and last paragraph.

  • Jack J

    This is not a real AP story. There is nothing in it related to Global Warming, the Ozone hole, Greenhouse Gases or endangered plants/animals. Also, there isn’t anything in the story about how this is president Bush’s fault. All real AP stories contain at least one of the above subjects, usually in the next to last and last paragraph.

Previous post:

Next post: