Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers.
In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late February. Several servers were hit, including Citrix servers used by employees for remote access to IT systems.
"It was a very small incident," said Debora Raymond, a company spokeswoman. The victims were mostly company employees. Less than 10 customers were affected by the malware, the Win32 QakBot Trojan, she said.
The Hartford's letters are going out to "users who logged onto an infected server (either through a Citrix session or support purposes)" between Feb. 22 and Feb. 28, 2011, The Hartford said in its letter.
"We do know that the virus has the potential to capture confidential data such as bank account numbers, Social Security numbers, user accounts/logins, passwords, and credit card numbers," the letter states.
It's not clear how The Hartford was infected, but hackers have been targeting staffers for years now -- particularly those in IT -- with targeted e-mail attacks, trying to trick them into visiting malicious websites or downloading Trojan horse programs. Security experts say that these attacks are widespread and often methodically planned.
Despite the presence of keylogging software, the insurance company's lawyer, Debra Hampson, said that her company has "no reason to believe that any information has been or will be misused." Victims are being given two years' free credit monitoring.
Working with its antivirus vendor, The Hartford has cleaned up the infected servers and is working on locking down its systems. One of the steps, Hampson said: "Providing additional privacy and information security training for employees in order to warn them of the dangers of downloading files from unknown sources on the Internet."