There is no hint that the database was copied

Apr 4, 2015 08:59 GMT  ·  By

Unauthorized access to the server of Synergistic Resources Integration (SRI) has been discovered, exposing personally identifiable information stored by the company, including social security and tax identification numbers.

SRI Inc. offers solutions for selling and liquidating real properties in a manner that increases government revenue with no cost for the taxpayers. The company also engages in tax, deed and foreclosure sales both online and in person.

Breach also exposes financial info

The intrusion on the server became known to SRI on March 13, 2015, although unauthorized persons may have obtained access to the sensitive data since December 1, 2014.

Names, addresses, social security numbers, tax IDs, as well financial information consisting in bank account or routing numbers could have been reached by an attacker and are considered exposed.

SRI says that it has found no evidence that the information has been downloaded. However, it is unclear if the machine was equipped with the necessary solutions for monitoring file copying activities.

The measure taken by the company to make sure that the unauthorized individuals can no longer reach sensitive information was to remove the data from the system.

Apart from this, SRI is switching its online auctions to a new software solution that provides better security.

Phishing risk ahead

Even if clues about fraudulent use of the potentially accessed sensitive data are not available, IRS suggests in a notification to impacted individuals to place a fraud alert on the credit report and check the bank statements on a regular basis.

Any sign of irregular activity should be reported to law enforcement, the state attorney general or the Federal Trade Commission (FTC).

Social security numbers and names can be used to apply for fraudulent tax returns or for a job in the name of the victim.

If the email address is available to the cybercriminals, they can also deliver phishing messages with the purpose of extracting more sensitive information from the recipient. Tax IDs can also be used in phishing scams.

Usually, organizations that suffer data breaches offer complimentary identity protection services to the people affected by the incident, although this is not a mandatory action.