Alaska public assistance agency discloses data breach from Trojan horse virus

Officials in Alaska announced Thursday that the state’s Division of Public Assistance, which manages the state’s welfare programs, experienced a data breach earlier this year that potentially exposed the personal information of more than 500 individuals.

The breach occurred April 26 when an agency computer in far northern Alaska was infected with malware known as Zeus, or sometimes Zbot. An investigation conducted by a security team from the state Department of Health and Social Services, the public assistance office’s parent agency, determined that the computer had unauthorized software installed on it. Investigators also found evidence the computer accessed sites based in Russia.

Zeus is a Trojan horse virus designed to steal confidential information from infected systems, and is often delivered in the form of emails that appear to be from government agencies or major corporations, according to the cybersecurity firm Symantec . The toolkit that generates Zbot files is commonly available in online black markets, and is most widely distributed in the United States, the United Kingdom, Russia, Canada and India.

The Alaska computer hit by Zbot contained sensitive documents including names, dates of birth, Social Security numbers, pregnancy statuses, death records, and Medicaid and Medicare billing codes for public-assistance recipients throughout northern Alaska.

The Division of Public Assistance said in a press release that it took “immediate action to mitigate further access to the infected computer” after the breach was detected. A spokeswoman told the Associated Press there is no evidence personal information stored on the computer has been used in a malicious way, though officials are still assessing the full scope of the cyberattack.