"We know for certain that the e-mails were accessed, we don't know whether or not anything else was accessed," she said. "But we're erring on the side of caution, we want people to know."
A contractor has done a "thorough forensic review" but was unable to find out how the hackers penetrated the site, Michener said.
"In addition to the below information on the investigation and those affected (which I encourage you to read/use as this info will make more sense), here's some more information. To investigate, we hired an industry-leading, third-party party computer forensic and security vulnerability analysis vendor to work collaboratively with the web site vendor to investigate this information. After a thorough forensic review of all available records of data access, the third-party expert has nevertheless not yet been able to pinpoint the precise source of the breach. We do know that the phishing e-mails employees and others received requested that the user respond to an e-mail address traced to a server in
. The e-mails themselves originated from numerous dummy e-mail accounts set up with an Internet web-mail service provider. Again, we don't know whether any other information was accessed or how these e-mail addresses were acquired by the third party. However, to err on the side of caution, Russia Aetnadecided to notify and offer credit monitoring to anyone who had a social security number in the database. Our investigation is continuing."
- Incident initially discovered week of May 4th, 2009
- Emails stolen were used to launch a spam campaign aimed at soliciting further personal information from Aetna job applicants
- Aetna immediately (not sure how quick this was...) took the job site down, notified people, and posted notices on their Aetna.com website
- Approx. 65,000 people who were offered jobs with Aetna had their information potentially compromised
- Information included: Name, address, DOB, SSN, phone number, and other job-related information
- Majority of the people compromised are current/former Aetna employees