Government computers are under attack with hackers being linked to China. According to the Assocaited Press, Hackers breached personnel data and Social Security numbers from EVERY federal employee. This is the third hack attack this year on the United States Government, with the most recent being earlier this month. Earlier this month the IRS was the target of an attack when transcripts for over 100,000 taxpayers were compromised. Investigators have said that as much as $39 million may have been stolen by hackers filing false refund requests.
The most recent attack is worse than previously stated by the Government. The sensitive data that was stolen were forms known as Standard Form 85 and 86. These forms contain personal information such as social security numbers, mental illness, drug and alcohol use and any financial difficulties. Not only were these forms accessed, but they were likely also unencrypted. This is extremely alarming to learn that the United States Government never encrypted their mot sensitive data protecting their employees.
Joel Brenner, a former counterintelligence official for the U.S government spoke to ABC news and stated:
“This tells the Chinese the identities of almost everybody who has got a United States security clearance, that makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
The Office of Personnel Management (OPM) was the target of this attack. The OPM is responsible for the records of military and veterans records containing information such as their address, birth date, job and pay history, health insurance, pension information, age, gender and race data. The OPM is also a repository for sensitive data collected through background checks of employees and contractors who hold security clearances. The OPM has downplayed the attack, saying what was hacked ‘could include’ personnel files. Their reports have been sketchy and unclear and we predict more information was stolen than is being reported.
GraVoc’s information security practice provides IT assurance, consulting, and audit solutions that help businesses secure IT and information assets. For more information regarding GraVoc’s services, please visit: https://www.gravoc.com/information-security/
REFRENCES
http://bigstory.ap.org/article/af77f567a4b74f128a4869031dc9add9/union-hackers-have-personnel-data-every-federal-employee
http://www.buzzfeed.com/sheerafrenkel/chinese-hackers-believed-responsible-for-one-of-the-largest#.lie14Gzr9
http://abcnews.go.com/Technology/wireStory/union-federal-workers-fell-victim-hackers-31712811
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.