Malware blamed in latest SAIC breach
Science Applications International Corporation (“SAIC”), recipient of a number of large government contracts, notified the New Hampshire Attorney General on December 9th of a security breach involving malware. The specific malware was not named, but was described as “designed to provide backdoor access.”
The breach was detected on October 28th. In its letter to an unspecified number of affected individuals, SAIC wrote:
This letter is to notify you of a potential compromise of your personal information, including your name and social security number, date of birth, home address, home phone number and clearance level and possibly other personal information necessary to complete government security clearance questionnaires (e.g., SF-8SP or SF-86). We collected this information from you to provide it to the U.S. Government either to enable you to visit a government facility or to assist you in obtaining or updating your government clearance.
Our Security personnel routinely receive information regarding malicious software from industry partners. This process led to the recent discovery on October 28, 2008 of malicious software designed to provide backdoor access on a computer used to process your security clearance or visit request. Unfortunately, due to the nature of this malicious software, it avoided our standard cyber security precautions which include using industry-leading software for virus and spyware detection, intrusion detection systems, and firewalls. To help detect and prevent similar attacks, we keep pace with industry best practices and software, we continue to work with our industry partners and we are implementing Trusted Desktop, which removes elevated privileges from users.
We have communicated with Defense Security Information Exchange and the Federal Bureau of Investigation regarding this malicious software, and we have sought evidence regarding whether the malicious software was used to access your personal information. To date there is no indication that any of your personal data was accessed. As there is a potential that it could have been accessed, we recommend that you take precautionary measures, including the actions further detailed in Exhibit A attached to this letter,
If their description and explanation sounds familiar, it may be because SAIC had another breach almost a year ago where malware (a keylogger) also evaded their detection system. In that breach, it was mostly corporate account data at risk. The nature of the data in this most recent incident is of more concern due to its security implications.
As in the previous incident, SAIC did not offer those affected by the recent breach any free services for credit monitoring or repair.