Officials say ‘malicious party’ hacked state agency website

June 14, 2018 GMT

RICHMOND, Va. (AP) — A “malicious party” hacked into the Virginia Department of Environmental Quality’s website but no data was lost or compromised, a spokeswoman for the agency that oversees the state government’s cybersecurity said.

A vulnerability in the software of the website’s content management system allowed the “intruder” access, Marcella Williamson, a spokeswoman for the Virginia Information Technologies Agency, said this week in response to questions from The Associated Press.

“A malicious party got into the system; however, the intruder was detected early by VITA and blocked, preventing significant changes,” Williamson wrote in an email.


The problem was reported May 22, and the website was taken down for nearly two weeks, DEQ spokeswoman Ann Regn said. It has since been restored, but some applications remained out of order Thursday.

No data was lost or compromised because the intrusion was “detected and contained quickly,” Williamson wrote. She said Thursday that her agency has not detected any additional intrusions at other state departments.

There is no way for the agency to confirm the identity of the attacker or be sure of the attack’s intent, Williamson said.

“The attacker was initially targeting the systems hosting the website and, it appears, further into other IT systems. Since this incident was discovered prior to compromising any additional IT, we can’t be sure of the ultimate goal,” she wrote.

Because of the issues, DEQ extended a public comment period allowing Virginians to weigh in on whether they believe the water-quality permits for two natural gas pipelines will be adequate to protect the state’s waterways. The comment period now closes Friday.

The IT agency has not yet completed a final report about the incident, according to Williamson.