The Massachusetts unemployment office has warned clients that their personal details may have been compromised by a data-stealing worm.
The state’s Executive Office of Labor and Workforce Development issued a warning last week after discovering an earlier attempt to remove W32.QAKBOT was not successful.
At risk were client names, social security numbers, employer identification numbers, email, business and residential addresses, and the bank account details of the agency’s 1,200 staff.
The worm may have resided on 1,500 internal and public facing terminals, but the agency was primarily concerned about any data that had been manipulated on internal desktops.
"For a claimant to have been impacted, a staff person would have had to key in sensitive information at an infected work station," it said.
W32.QAKBOT, which Symantec defined as a worm, is capable of keylogging, as well as collecting cookie data, DNS, operating system, private keys from system certificates and URLs.
The agency was in the process of notifying potential victims and advised them to place a fraud alert on any credit cards.