P O R T L A N D, Maine, May 11, 2001 -- Maine Public Broadcasting Corp. telephoneoperators fielded questions today from alarmed donors after thedisclosure that a hacker broke into a computer database of 63,000members that included credit card numbers.
The intruder spent at least three hours in a system thatcontained fund-raising data early Sunday but it remains unclearwhether the database was viewed or whether any files weredownloaded, MPBC officials said.
“It caused no damage to our system, nor do we have anyinformation that any personal information of our members or ourdonors was released,” spokeswoman Rhonda Morin said today fromher office in Lewiston.
The file server was hacked at 3:15 a.m. Sunday and the intrudertried unsuccessfully to install a program that could have wreakedhavoc on the system or allowed for easier entry in the future, shesaid.
In the System for Three Hours
Automated activity reports show that the intruder was in thesystem until 6:15 a.m. At that point, the intruder either left thesystem or used a program to erase evidence of his or heractivities, Morin said.
It’s conceivable, but improbable, that the hacker was in thesystem for up to 15 hours until a freak lightning strike broughtdown the entire system, she said.
The problem was uncovered Monday morning by the systemsadministrator, and the company also received an anonymous e-mail.The company decided to issue a press release Wednesday evening towarn its members and contributors that there could be a problem.They were advised to watch for unusual credit card activity.
The most likely scenario was that the intruder triedunsuccessfully to download data and then left, Morin said.
As of today, there was no indication that any vitalinformation was viewed, and officials were certain that large fileswere not downloaded, Morin said. Downloading the entire databasewould take 15 hours, and special software would have been required.
On the Lookout
The company has been monitoring hacker Web sites for any signthat its membership information is out in cyberspace. It also hasbeen checking sites where stolen credit card numbers often appear.
“We have no information saying anyone’s information is outthere in cyberspace,” Morin said.
Since there was no evidence of any harm from the computerbreak-in, the FBI and state law enforcement declined toinvestigate.
“To be honest, computer hacks happen in business all thetime,” Morin said. The University of Maine, the company’s Internetprovider, told the company that it gets hacked up to 1,000 times ayear, she said.