Hackers open data of group's workers

October 2, 2007

By Andy Davis, NWAnews.com


A hacker illegally gained access to a computer of The Nature Conservancy containing personal information on about 14,000 people, including current and former Nature Conservancy employees and their dependents, the nonprofit organization confirmed Monday.

Those affected include 36 employees in Arkansas.

According to an e-mail the Arlington, Va., organization sent its employees, the hacker used a Web site to gain access to a Nature Conservancy computer Sept. 12.

Nature Conservancy spokesman Jim Petterson said when employees accessed a particular Web site, the site planted a program on the employees. computers that copied the contents of the hard drives and sent the information to the hacker.

The stolen information included the names, home addresses, Social Security numbers and birth dates of current and former U. S.-based employees who had worked at the Conservancy during the past seven years.

It also included direct deposit bank account numbers for employees who were on the payroll between 2000 and 2004, as well as the Social Security numbers of those employees. dependents.

Information on employees who started after Aug. 3 of this year was not stolen, according to the e-mail.

The e-mail, sent Sept. 25 by Chief Information Officer Jean-Louis Ecochard, describes the theft as "a serious issue, one that exposes some employees and former employees to greater risk of identity theft."

The e-mail, provided to the Arkansas Democrat-Gazette by a former employee who lives in Arkansas, was a follow-up to a warning the organization sent out Sept. 21, Petterson said.

The organization also sent a letter to the last known addresses of all former employees, he said.

The theft was also reported to the FBI and Arlington County, Va., police, he said.

The Nature Conservancy is offering those affected a free, year-long credit monitoring program.

It includes unlimited access to credit information, e-mail alerts about possible fraudulent activity and $ 25, 000 in identitytheft insurance.

The organization.s employees in Arkansas . located in Little Rock, Fayetteville, Arkadelphia, Batesville and Ponca . are primarily researchers and scientists, said Jay Harrod, a spokesman in The Nature Conservancy's Little Rock office.

He said employees are concerned about the theft but have been reassured by the organization.s response.

No one has yet reported a problem related to the theft, such as someone illicitly withdrawing money from an account or taking out a credit card, Harrod and Petterson said.

Last year, the San Diego-based Identity Theft Resource Center counted 315 publicized breaches of personal information affecting nearly 20 million people.

Linda Foley, the group's founder, said the Nature Conservancy theft was a "moderate-sized" case. She added that the hacker may not intend to use the information to commit identity theft.

"It may have just been that they were trying to hack into a database and they happened onto this one," she said.

main page ATTRITION feedback