Modernizing Authentication — What It Takes to Transform Secure Access
Prison inmates in New Hampshire recently breached the state's Corrections Offender Records and Information System (CORIS).
"According to the Associated Press, the breach was discovered [on August 24] when a prison staffer saw a cable connecting an inmate computer to that of a staff member's. ... Why inmates had anything close to access to a staff terminal is anyone's guess," writes SecurityNewsDaily's Ben Weitzenkorn. "Prison spokesman Jeffrey Lyons told the AP that the computers are used by about 24 inmates on a closed network for tracking and billing work done in prison."
Speaking to The New Hampshire Union Leader, New Hampshire Department of Corrections (DOC) spokesman Jeff Lyons said, "Corrections staff discovered a security breach of a cable, which connects an internal computer network to work stations, located in the Correctional Industries area of the prison. The area was secured and the shops were closed. This network is mainly used to track invoices and billing for Correctional Industries contracts. The server on which this data is maintained is a standalone server from the DOC network, which also supports the offenders management database system otherwise known as the Corrections Offendor Records and Information System (CORIS). However, the breach resulted in the two networks being connected."
"Mark Jordan, former president of the union representing prison guards, ... said he was told that inmates had gained access to the prison's CORIS system which would, in theory, give them access to addresses and contact information for prison staff members, as well as sentencing and parole dates -- and the ability to possibly alter them," writes The New Hampshire Union Leader's Paul Feely. "'This is a security issue,' said Jordan. 'If they were able to gain access to this information, who knows what else they could have access to?'"