CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 9th, 2008

Houghton Mifflin Harcourt Server Breached In Mass Web Attack

Houghton Mifflin Harcourt (HMH), a publishing company based in Boston, will begin notifying individuals whose information may have been compromised by a worldwide Internet-based attack that affected one of its websites.

On April 25, 2008, HMH’s Information Security group learned of a worldwide Internet-based attack that affected one of its non-e-commerce websites. HMH has reported this matter to the U.S. Secret Service and state law enforcement, who are actively investigating the incident.

As part of its internal investigation, which is still ongoing, HMH retained digital forensics experts to collect and analyze data from the relevant computer systems. They have determined that social security numbers of approximately 194 individuals affiliated with Harcourt Trade, 2 of whom are New Hampshire residents, were in a company database on the affected computer server, and may have been compromised as a result.

Since learning of the incident, Houghton Mifflin Harcourt has reported this matter to the U.S. Secret Service and state law enforcement; cooperated with law enforcement, which is actively investigating the incident; conducted a thorough investigation of the incident, including an assessment of whether or not the theft created any prospective data security risk; identified the sensitive personal information about individuals stored on the affected server. They also made arrangements to notify affected individuals about the incident in accordance with state laws, offer premium credit monitoring, ID theft insurance, and ID theft resolution services, and provide additional information about prevention and detection of ID theft including information about credit alerts and credit freezes.

HMH is continuing to work with information security professionals to review current policies and procedures to identify steps that can be taken to better protect against incidents of this kind. There is no evidence to date to suggest that the data has been misused.

Share this item with others:

More on CyberInsecure:
  • Yesterday’s Mass Hack Attack
  • US Congressional Websites Hit By Mass Defacement Attack
  • Thousands Of Websites Distribute Scareware After Mass Injection Attack, BlueHost, DreamHost, Bizland, GoDaddy Affected
  • University Of Massachusetts Amherst’s Health Services Network Breached By Hackers
  • New Mass Injection Attack Adds Rogue Code To JS Files, Rackspace And Media Temple Affected

    • Posted in Breaches And Incidents, Data Theft, Mass Web Attacks | Print This Post Print This Post

    This entry was posted on Wednesday, July 9th, 2008 at 1:56 am and is filed under Breaches And Incidents, Data Theft, Mass Web Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Houghton Mifflin Harcourt Server Breached In Mass Web Attack

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »