Maine Public Broadcasting Corp. telephone operators fielded questions today from alarmed donors after the disclosure that a hacker broke into a computer database of 63,000 members that included credit card numbers.
The intruder spent at least three hours in a system that contained fund-raising data early Sunday but it remains unclear whether the database was viewed or whether any files were downloaded, MPBC officials said.
“It caused no damage to our system, nor do we have any information that any personal information of our members or our donors was released,” spokeswoman Rhonda Morin said today from her office in Lewiston.
The file server was hacked at 3:15 a.m. Sunday and the intruder tried unsuccessfully to install a program that could have wreaked havoc on the system or allowed for easier entry in the future, she said.
In the System for Three Hours
Automated activity reports show that the intruder was in the system until 6:15 a.m. At that point, the intruder either left the system or used a program to erase evidence of his or her activities, Morin said.
It’s conceivable, but improbable, that the hacker was in the system for up to 15 hours until a freak lightning strike brought down the entire system, she said.
The problem was uncovered Monday morning by the systems administrator, and the company also received an anonymous e-mail. The company decided to issue a press release Wednesday evening to warn its members and contributors that there could be a problem. They were advised to watch for unusual credit card activity.
The most likely scenario was that the intruder tried unsuccessfully to download data and then left, Morin said.
As of today, there was no indication that any vital information was viewed, and officials were certain that large files were not downloaded, Morin said. Downloading the entire database would take 15 hours, and special software would have been required.
On the Lookout
The company has been monitoring hacker Web sites for any sign that its membership information is out in cyberspace. It also has been checking sites where stolen credit card numbers often appear.
“We have no information saying anyone’s information is out there in cyberspace,” Morin said.
Since there was no evidence of any harm from the computer break-in, the FBI and state law enforcement declined to investigate.
“To be honest, computer hacks happen in business all the time,” Morin said. The University of Maine, the company’s Internet provider, told the company that it gets hacked up to 1,000 times a year, she said.