Prison staff respond to possible hack - from within

Prison staff respond to possible hack - from within

Many harried data security experts likely want hackers to end up in prison. Being behind bars, however, did not stop several inmates at a state prison New Hampshire from attempting to hack a Corrections Department computer system. According to the New Hampshire Union Leader, the state penitentiary in Concord recently shut down computer access following a possible hack to its billing and records management system.

Internal attack

The news source reported that the Corrections Offender Records and Information System (CORIS), the computer system in question, stored vital information such as the home addresses and contact information of corrections officers and the parole details of inmates. If attackers did, indeed, gain access, they would have been able to both view and edit the information.

Fortunately, according to the source, there were several IT security features in place that likely prevented inmates for changing any of the system's content.

"CORIS is password protected and only certain staff have the ability to add to or otherwise change the data that is maintained there," corrections spokesman Jeff Lyons told the Union Leader. "Most other data on the DOC network is password protected and anyone who attempted to access that would be blocked unless they had the appropriate password."

Response time

An investigation is ongoing to determine whether inmates managed to make it into the system. Responding quickly and effectively to possible data breaches is critical. According to the State, a hack at the University of South Carolina became the subject of scrutiny by the Privacy Rights Clearinghouse following a notably slow reaction. The source reported that incident was first discovered on July 6 but was not revealed to the public until late August. The university has lost 81,000 personal records since 2006, highlighting the importance of a strong security framework and incident response, no matter the field.