RICHMOND, Va. – The Virginia Department of Environmental Quality was hacked by a malicious party, but no data was compromised, confirmed an agency spokeswoman.
The intruder gained access by exploiting a vulnerability in the shell, DEQ spokeswoman Ann Regn said.
The hacker gained access to the DEQ system but was detected early by the Virginia Information Technologies Agency (VITA), which is the commonwealth’s consolidated IT organization.
“Finding this vulnerability and stopping the attack early protected the DEQ website and IT systems,” VITA spokeswoman Marcella Williamson said. “These are preliminary findings. We are continuing to investigate this intrusion and will present a final report to DEQ.”
While the organization could not confirm the identity of the attacker, Williamson says the systems that were involved in the attack were located in the Netherlands and in California.
Williamson says VITA has not found any evidence of the same attack in other state CMS systems, but they are continuing to monitor any intrusions.
The website has been offline since May 22, but has been restored, Regn confirmed. Not all applications on the website are functional as of Thursday. Regn said that personal information is not stored on the server.
Due to the extended period of time that notices and documents for review were not available through the website, comment periods were extended for matters subject to a public comment opportunity during the down time.
The new dates are posted online, here.