QakBot Infects Mass. Websites

Personal information about an unknown number of Massachusetts residents may have been stolen from the Massachusetts Executive Office of Labor and Workforce Development, after hundreds of the agency’s computers were infected with malware.  Anyone who conducted business from April 19 – May 13 requiring that a staff person access thier file on-line with DCS, DUA or at a One Stop Career Center should take the  precautions found at

About 1,500 computers at the state’s One Stop Career Centers and other departments were infected with W32.QAKBOT, designed to allow remote control and to steal information.  There is a possibility that as a result of the infection, the virus collected confidential claimant or employer information. This information may include names, Social Security Numbers, Employer Identification Numbers, email addresses and residential or business addresses.  It is possible that bank information of employers was also transmitted.  About 1,200 of 180,000 employers that manually file with the agency may be impacted by the data breach, however the agency has no way to verify this number.

The agency first detected the malware on April 20th, and took immediate steps to contain and remove the infection.  Yesterday, the agency said that the virus was not remediated as originally believed, and that persistence of the malware resulted in a data breach.  “We were targeted by criminal hackers who penetrated our system with a new strain of a virus,” reports the secretary of labor and workforce development in a statement released this afternoon.  “All steps possible are being taken to avoid any future recurrence.”

Government Press Release