September 2, 2011
Contact: Caitlin E. Chamberlain
(207) 441-0501

Secretary of State Charles E. Summers, Jr. Announces an Update Regarding the August 24th Computer Malware Incident

AUGUSTA, Maine – Secretary of State Charlie Summers announced today an update regarding the August 24th discovery of malicious software (malware) on the State-owned computer workstation at the Town Clerk’s Office in Millinocket.  Of the five computers located in that office, only the State-owned computer workstation was found to be infected with malware.  The workstation was removed from the town office and sent to the Maine State Police Computer Crimes Unit in Vassalboro for a complete forensic evaluation.  The Computer Crimes Unit will continue its investigation into what is defined as criminal activity by M.R.S.A. Title 17-A.  

To date, it appears that the virus found on the computer workstation took the form of a “key logger”. Therefore, the only data that could have been compromised would be any information the town clerk keyed into the Central Voter Registration (CVR) application from her keyboard after the computer workstation became infected with the virus.  After a review of all entries made on that computer workstation during the time period in question, our office has verified that all entries keyed into the CVR were legitimate (i.e. made by the Town Clerk’s staff) and that no data was compromised.

?Thankfully, the data in the CVR is in an Oracle database, so access to the database itself is tightly controlled with several layers of protection,? Secretary Summers said.? ?The State-owned computer workstation that was affected was running an older version of anti-virus software than the four unaffected town computers which left this computer more vulnerable to malware.? This problem has already been remedied in Millinocket and I intend to do the same with all State-owned computer workstations in towns across Maine that interact with the CVR.??