Ingram Micro Discloses Hacker Attack - InformationWeek
10:11 AM

Ingram Micro Discloses Hacker Attack

It told current and former employees in a letter that it has detected unauthorized access in company systems that contain names and personal identification.

Hacker attacks on businesses are on the rise, and these days generally are launched by more sophisticated and motivated perpetrators. The sophistication is making it more difficult for companies to secure sensitive employee and customer information, according to research firm Gartner. Even companies that distribute software and systems aren't immune.

Ingram Micro Inc. last week disclosed in a letter to former and current employees that the company detected unauthorized access to its computer systems containing names and personal identification such as Social Security numbers, national identification numbers, and passport numbers for U.S. employees and their beneficiaries of health care, life insurance, and 401(k) benefits.

The letter dated May 17 reveals that the computer distributor has no evidence of entry into specific personal-information databases, but wanted to alert employees whose stored information may have been compromised. The company declined to comment on exactly when the breach occurred, or why the letter took two weeks to arrive at a local address, because of an ongoing investigation by law enforcement.

At Wackenhut Corp., a service operator taking messages from concerned callers said Ingram Micro hired the security company two months ago to set up a confidential employee hot line to take calls. The security firm said the hot line is a requirement of the Sarbanes-Oxley Act and not a result of the security breach.

Taking precautionary measures, company officials recommended placing a fraud alert on credit files, and provided telephone numbers to Equifax, Experian, and Trans Union credit-reporting agencies.

But Ingram Micro isn't alone. Companies typically store employee and customer information in archived databases for seven or more years to accommodate Internal Revenue Service tax audits. As a result, companies need to do more to protect sensitive information, Gartner urged in a recently released study. The research firm suggested putting in place intrusion-prevention systems to block malicious actions. These intrusion-prevention systems need multiple algorithms to successfully keep out unauthorized access.

They also must provide blocking capabilities that include signature-based blocking of known attacks by moving beyond simple signature-based approaches, such as those used by antivirus and intrusion-detection systems, to at least support policy, behavior, and anomaly-based detection algorithms, Gartner suggested. These algorithms should operate at the application level in addition to standard, network-level firewall processing.

As intrusion-prevention systems mature, they will positively identify and block higher percentages of attacks than today's first-generation intrusion-prevention systems, Gartner said. However, the system will never be perfect, and it's always necessary to flag suspicious activity for further investigation by humans.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll