10:11 AM

Ingram Micro Discloses Hacker Attack

It told current and former employees in a letter that it has detected unauthorized access in company systems that contain names and personal identification.

Hacker attacks on businesses are on the rise, and these days generally are launched by more sophisticated and motivated perpetrators. The sophistication is making it more difficult for companies to secure sensitive employee and customer information, according to research firm Gartner. Even companies that distribute software and systems aren't immune.

Ingram Micro Inc. last week disclosed in a letter to former and current employees that the company detected unauthorized access to its computer systems containing names and personal identification such as Social Security numbers, national identification numbers, and passport numbers for U.S. employees and their beneficiaries of health care, life insurance, and 401(k) benefits.

The letter dated May 17 reveals that the computer distributor has no evidence of entry into specific personal-information databases, but wanted to alert employees whose stored information may have been compromised. The company declined to comment on exactly when the breach occurred, or why the letter took two weeks to arrive at a local address, because of an ongoing investigation by law enforcement.

At Wackenhut Corp., a service operator taking messages from concerned callers said Ingram Micro hired the security company two months ago to set up a confidential employee hot line to take calls. The security firm said the hot line is a requirement of the Sarbanes-Oxley Act and not a result of the security breach.

Taking precautionary measures, company officials recommended placing a fraud alert on credit files, and provided telephone numbers to Equifax, Experian, and Trans Union credit-reporting agencies.

But Ingram Micro isn't alone. Companies typically store employee and customer information in archived databases for seven or more years to accommodate Internal Revenue Service tax audits. As a result, companies need to do more to protect sensitive information, Gartner urged in a recently released study. The research firm suggested putting in place intrusion-prevention systems to block malicious actions. These intrusion-prevention systems need multiple algorithms to successfully keep out unauthorized access.

They also must provide blocking capabilities that include signature-based blocking of known attacks by moving beyond simple signature-based approaches, such as those used by antivirus and intrusion-detection systems, to at least support policy, behavior, and anomaly-based detection algorithms, Gartner suggested. These algorithms should operate at the application level in addition to standard, network-level firewall processing.

As intrusion-prevention systems mature, they will positively identify and block higher percentages of attacks than today's first-generation intrusion-prevention systems, Gartner said. However, the system will never be perfect, and it's always necessary to flag suspicious activity for further investigation by humans.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll