Alabama probes data breach in state systems

The Alabama Office of Information Technology said it is currently investigating a data security incident that affected several critical state systems.

 

The Alabama Office of Information Technology (OIT) is a state agency responsible for establishing IT policies, developing a strategic IT plan, and meeting the IT service demands of state agencies.

 

The incident came to light on Monday when Gov. Kay Ivey made a public announcement stating that on May 9, the state detected a data security incident and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

According to the governor’s statement, while some state employees’ usernames and passwords were compromised during the incident, “it is currently believed that no Alabamians personally identifiable information has been retrieved.”

 

The department created a dedicated webpage to provide updates on the incident, however, the page was inaccessible at the time of publication.

 

 

“Temporary disruption such as website accessibility, as well as email and phone communications, may occur, but our teams are actively working to establish a timetable and to ensure continuity of essential services to minimise any impact,” OIT said.

 

In a separate update, the agency said that it has called in two incident response teams from external firms “maintaining 24 hours-a-day, 7 days-a-week mitigation activities as technical specialists work extended shifts to ensure a continuous, uninterrupted response to this event.”

 

“At this time, no major disruptions to State services have been traced to the event and there is no evidence of exfiltration of the personally identifiable information of Alabama citizens,” OIT said in its update.

 

Governor Ivey has called on all state employees to stay alert and exercise caution when handling suspicious emails. The agency has also instructed staff to reset their passwords at the earliest.

 

“As this is an active, ongoing investigation, updates will be provided as new information becomes available and security protocol allows. OIT is working diligently to balance transparency and security interests as this situation progresses,” the department added.