The state has begun notifying affected individuals about the compromise. Those who had their SSNs stolen will receive one year's worth of free credit monitoring services.
Attacks that take advantage of weak authentication mechanisms continue to be a major problem for enterprises. Though the issue is well understood, many companies with otherwise sound defenses continue to get breached because of their reliance on default or easy-to-guess passwords and knowledge-based authentication (KBA) mechanisms for controlling access to critical network assets and systems.
A recent breach at payment processing firm GlobalPayments Inc. that exposed debit and credit card data belonging to about 1.5 million people is thought to have resulted from an authentication vulnerability.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.