14 DAY TRIAL // Enterprise software and information solutions provider Deltek is notifying customers that personal and financial details might have been compromised after sophisticated cybercriminals breached into the company’s GovWin IQ website.
The GovWin service is designed to help organizations win government-related business. According to the notification letter sent out to impacted customers, hackers gained access to names, billing addresses, telephone numbers and business email addresses.
They’ve also gained access to credit card numbers and expiration dates submitted by those who made purchases on the GovWin IQ eCommerce platform.
The breach was discovered on March 13, 2014. However, the attack occurred sometime between July 3, 2013 and November 2, 2013. Deltek highlights the fact that it is one of the thousands of organizations that have been subject to a sophisticated cyberattack.
The company is cooperating with law enforcement in the investigation of the incident. On the other hand, the individual believed to be behind the attack has already been arrested.
The security hole exploited by the cybercriminals has been patched. Security enhancements have been rolled out and a top IT security firm has been called in to help the company in making sure that its systems are better protected against cyber threats.
“We have remedied the security vulnerability that we believe the hacker exploited in order to gain unauthorized access to our GovWin IQ system,” Mike Corkery, president and CEO of Deltek, wrote in the notification letter sent out to customers.
“We have increased the overall security of GovWin IQ, including by reviewing and improving our data security procedures and changing our practices for handling personal information,” Corkery added.
Deltek representatives have told Federal News Radio that around 80,000 employees of federal contractors are affected. The attackers had access to around 25,000 payment card records.
The 25,000 individuals whose cards could have been compromised are being offered free credit monitoring services.
“While we have no reason to believe that this security incident has led to the misuse of your personal information, out of an abundance of caution and to help protect your identity, we have made arrangements to provide you with a one-year membership to TransUnion Monitoring at no charge to you,” Corkery told customers.
There’s no evidence that GovWin usernames and passwords have been misused, but customers are being required to change their passwords. Furthermore, they will have to change their passwords every 90 days from now.