Exhibit 99
NIC Says Rhode Island Security Breach Discovered
and Vulnerability Corrected Same Day It Occurred
PROVIDENCE, R.I.--(BUSINESS WIRE)--Jan. 30, 2006--eGovernment
provider NIC (Nasdaq:EGOV) today said that the security breach which
allowed an unauthorized party to gain access to the state of Rhode
Island's official Web site (www.RI.gov) and obtain personal
information that was stored in one of the portal's servers was
discovered and corrected on December 28, 2005, the same day it
occurred. NIC operates the Rhode Island portal through a contract
between its New England Interactive, LLC, subsidiary and the state.
NIC said that the security breach was due to an isolated software
error. The Company also said the isolated software error that allowed
the breach was immediately corrected. The Company said that its
investigation to date has revealed that information, including full
credit card numbers for 4,117 credit cards, was obtained. The affected
cards were used in transactions conducted between December 31, 2004,
and March 8, 2005.
NIC said that following an initial investigation, New England
Interactive reported the incident to the office of the Rhode Island
Chief Information Officer on December 29, 2005. On the same day, New
England Interactive also notified the Providence office of the United
States Secret Service, which investigates international computer
crime, and the credit card companies to enable them to monitor for
fraudulent activity. Initial evidence indicated that only a handful of
credit card numbers may have been stolen.
On the afternoon of January 25, 2006, NIC became aware of
information on a Russian language Web site that appeared to discuss
the incident. New England Interactive worked to verify and
cross-reference certain information on that Web site against
information available to New England Interactive to determine whether
any portion of it could be true.
On January 26, NEI informed NIC, and again notified the office of
the Rhode Island Chief Information Officer, along with the Secret
Service and credit card companies, that additional credit cards in
fact appeared to be involved. Further research revealed that
information, including full credit card numbers for 4,117 credit
cards, was obtained.
NIC said that the investigation is continuing. As a precaution,
the Company is recommending that citizens who have provided credit
card information to the Rhode Island portal contact the credit card
companies whose cards they used online and request that their accounts
be monitored for potential fraudulent activity.
"NIC takes security matters very seriously," said Harry Herington,
Chief Operating Officer of NIC. "We take responsibility for this
incident and acted immediately to correct the breach upon discovering
it. We will continue to work with Rhode Island state officials, law
enforcement, and the credit card companies to resolve this issue."
NIC manages 18 state portals through its subsidiaries. Each
operation maintains an independent technology structure, and as noted
earlier, the software error in Rhode Island was an isolated issue not
present in other NIC-managed portals. The Company conducted an
internal audit of RI.gov's security procedures following the incident
and maintains a contract with a third party security assessor for
regular audits of every operation it supports. Each NIC portal
operation has been subject to extensive security evaluations prior to
and following this incident, and the Company is confident that it
maintains appropriate security measures.
About NIC
NIC manages more eGovernment services than any provider in the
world. The Company helps government communicate more effectively with
citizens and businesses by putting essential services online. NIC
provides eGovernment solutions for 2,000 state and local agencies that
serve 60 million people in the United States. Additional information
is available at www.nicusa.com.
CONTACT: NIC
Chris Neff, 435-645-8898
cneff@nicusa.com