Honeywell, Rhode Island Leak Data

Honeywell International acknowledged late Tuesday that personal information, including Social Security and bank account numbers, on 19,000 employees was inadvertently posted to a public Web site. In a separate incident, hackers stole thousands of credit card numbers from a Rhode Island state government Web site.

Honeywell says it contacted employees within 24 hours of learning about the breach on January 20. The company is working with federal and state authorities to determine who posted the data, and whether it was done purposely by a disgruntled employee.

The Web site containing the personal information was taken down by the ISP, and Honeywell says it is monitoring to make sure the data does not crop up on other sites.

The news comes as the Boston Globe and Worcester Telegram & Gazette admitted that credit card data of up to 240,000 subscribers might have been inadvertently compromised due to a computer glitch that printed them on routing slips attached to newspapers.

Rhode Island is also feeling the heat from a compromise of credit card numbers stored on a state government Web site run by a contractor, New England Interactive (NEI).

Russian hackers apparently used a SQL injection technique, in which a dynamic SQL query can be changed through a URL, to gain access to the machine. The hackers posted a detailed explanation of their exploits complete with screenshots on a public Web site.

NEI says it contacted the Rhode Island CIO and United States Secret Service to inform them of the breach, which leaked 4,117 credit card numbers that were used in transactions with RI government agencies between December 31, 2004, and March 8, 2005.