The Nebraska State Patrol and FBI are trying to figure out who hacked into a Nebraska Workers' Compensation Court computer server -- and whether the hacker took personal information.
The state agency learned last week someone had broken into a server that temporarily held injury reports, said Glenn Morton, court administrator for the Workers' Compensation Court.
Personal information, including birth dates and Social Security numbers, would have been in the server, he said.
Whenever a worker has a job-related injury, a report is filed with the Workers' Compensation Court and the information temporarily stored on that server, Morton said.
"Because of the way that server was set up, we can identify which records were on that server on the dates in question," he said. "We don't know how many. Probably a few thousand. Certainly less than 5,000."
The breach likely occurred in early September, he said, and the server was vulnerable until it was shut down Nov. 9.
"All of our records and computer systems are behind a firewall maintained by (the state's) chief information officer, and they periodically monitor activity in the system," Morton said.
"They noticed that on this particular server there was heavy Internet traffic."
Morton said the patrol was called in the middle of last week when it became clear someone had accessed the server. The patrol is now working with the FBI to ascertain exactly who may have been affected by the breach in security.
Patrol spokeswoman Deb Collins would say only that the investigation is active and ongoing.
When names of people who might have been affected are available, Morton said, those people will be notified.
"We'll send a letter to every employee that was the subject of those records ... alerting them to the fact their records were potentially exposed and to take whatever precautions."
Those precautions include watching bank statements and checking credit reports, he said.
"We have no indication at all that any of the records on that server were actually taken, but there was access," Morton said.
He said he's hopeful whoever hacked into the system might have been more interested in using it as a pass-through to greater Internet access than in taking personal information.
If you were in the workers' comp system:
* File an initial fraud alert with Equifax, Experian and TransUnion credit bureaus; the alert lasts 90 days and lets all three credit agencies know you may be a victim.
* Request a credit report, which you can get for free after a fraud alert.
* Check your accounts so you have up-to-date information and can more easily identify unusual activity.
If you do notice unusual activity or charges:
* File a report with police.
* Close any accounts that have been tampered with.
* Initiate an extended fraud alert, good for seven years.
* Get a credit report
For more information:
Reach Catharine Huddle at 473-7222 or firstname.lastname@example.org.