Houghton Mifflin Harcourt Server Breached In Mass Web Attack
Houghton Mifflin Harcourt (HMH), a publishing company based in Boston, will begin notifying individuals whose information may have been compromised by a worldwide Internet-based attack that affected one of its websites.
On April 25, 2008, HMH’s Information Security group learned of a worldwide Internet-based attack that affected one of its non-e-commerce websites. HMH has reported this matter to the U.S. Secret Service and state law enforcement, who are actively investigating the incident.
As part of its internal investigation, which is still ongoing, HMH retained digital forensics experts to collect and analyze data from the relevant computer systems. They have determined that social security numbers of approximately 194 individuals affiliated with Harcourt Trade, 2 of whom are New Hampshire residents, were in a company database on the affected computer server, and may have been compromised as a result.
Since learning of the incident, Houghton Mifflin Harcourt has reported this matter to the U.S. Secret Service and state law enforcement; cooperated with law enforcement, which is actively investigating the incident; conducted a thorough investigation of the incident, including an assessment of whether or not the theft created any prospective data security risk; identified the sensitive personal information about individuals stored on the affected server. They also made arrangements to notify affected individuals about the incident in accordance with state laws, offer premium credit monitoring, ID theft insurance, and ID theft resolution services, and provide additional information about prevention and detection of ID theft including information about credit alerts and credit freezes.
HMH is continuing to work with information security professionals to review current policies and procedures to identify steps that can be taken to better protect against incidents of this kind. There is no evidence to date to suggest that the data has been misused.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.