Tens of thousands of Alaskans may receive letters from the state this year, in the wake of a 2018 malware infection on a laptop containing personal data which may have had links to Russia.

State officials initially said on Jan. 22 that 500,000 to 700,000 letters were sent in the wake of the security breach. On Wednesday, a Department of Health and Social Services spokesperson revised that total to about 87,000 letters.

Shawnda O’Brien, director of the state’s Division of Public Assistance, said Tuesday the state hadn’t found any sign of a data breach from the April 26 computer virus which infected one of the division’s computers. However, she said the state was still contacting current or former participants in division programs.

“We don’t have any reason to believe their information was compromised, but because their information could have been compromised we had to let them know,” O’Brien said by phone Tuesday.

A copy of the Jan. 7 letter lays out the extent of information from the division’s eligibility database which may have been compromised due to “unauthorized access by unknown cyber attackers” between April 26 and April 30.

“Information contained in the database includes: names, Social Security numbers, dates of birth, addresses, health information, benefit information and other types of related information,” officials wrote.

A June statement on the security breach from the division’s parent agency, the state Department of Health and Social Services, said the computer affected by the breach “accessed sites in Russia, had unauthorized software installed, and other suspicious computer behavior that provided strong indications of a computer infection.”

O’Brien, however, said no malicious intent was ultimately discovered in the security breach. She said the incident began with an infected computer from which an applicant emailed a request for assistance to a state worker. Emails sent to the division routinely contain documentation for requests, and a file attached to the message carried what DHSS called a “Zeus/Zbot Trojan virus” in June, leading to the breach.

The virus was particularly effective and had access to the laptop’s hard drive, according to O’Brien, because it was a “Day One” attack unleashed before security researchers had identified the virus and adapted state computers’ antivirus programs to stop it.

“As soon as our IT folks realized what was happening, they shut [the laptop] down so it couldn’t go any further, but at that point it had gotten into several layers of our security,” O’Brien said. “In this case we were able to catch it, but by then the damage had already been done.”

Notifications to people affected by the breach were delayed as DHSS drew on federal help to determine the full extent and ramifications of the breach.

“Due to the volume of information and the data to be researched, we enlisted the assistance of the FBI,” O’Brien said. “It took them several months to get through; it was a pretty extensive task that they had.”

Once the FBI provided a list of people who may have been affected, the state used a contractor to send this month's letters.

State officials are changing security procedures in the wake of the breach, and the FBI is still investigating the case.

“They were not able to really identify where the source of the virus came from,” O’Brien said.

The letters are arriving just weeks after Alaskans saw a week-long delay in filing for Permanent Fund dividends online, after the Department of Revenue application system was yanked offline due to a Jan. 1 data glitch. State officials say the glitch, which wasn’t the result of a hack, may have exposed less than 100 people’s personal data to other people filing in the system that day.

Editor's note: An earlier version of this story reported a much higher number of letters were sent out, citing information given by the state's director of the Department of Public Assistance. This has since been updated with a revised number from the Department of Health and Social Services.

Copyright 2019 KTVA. All rights reserved.

YOU MAY ALSO BE INTERESTED IN: