Government computers are under attack with hackers being linked to China. According to the Assocaited Press, Hackers breached personnel data and Social Security numbers from EVERY federal employee. This is the third hack attack this year on the United States Government, with the most recent being earlier this month. Earlier this month the IRS was the target of an attack when transcripts for over 100,000 taxpayers were compromised. Investigators have said that as much as $39 million may have been stolen by hackers filing false refund requests.
The most recent attack is worse than previously stated by the Government. The sensitive data that was stolen were forms known as Standard Form 85 and 86. These forms contain personal information such as social security numbers, mental illness, drug and alcohol use and any financial difficulties. Not only were these forms accessed, but they were likely also unencrypted. This is extremely alarming to learn that the United States Government never encrypted their mot sensitive data protecting their employees.
Joel Brenner, a former counterintelligence official for the U.S government spoke to ABC news and stated:
“This tells the Chinese the identities of almost everybody who has got a United States security clearance, that makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
The Office of Personnel Management (OPM) was the target of this attack. The OPM is responsible for the records of military and veterans records containing information such as their address, birth date, job and pay history, health insurance, pension information, age, gender and race data. The OPM is also a repository for sensitive data collected through background checks of employees and contractors who hold security clearances. The OPM has downplayed the attack, saying what was hacked ‘could include’ personnel files. Their reports have been sketchy and unclear and we predict more information was stolen than is being reported.
GraVoc’s information security practice provides IT assurance, consulting, and audit solutions that help businesses secure IT and information assets. For more information regarding GraVoc’s services, please visit: https://www.gravoc.com/information-security/
The NSA Cybersecurity Guide for Remote Workers
In this blog post, we cover a few key recommendations for remote workers from the NSA guide, ‘Best Practices for Securing Your Home Network.’
GraVoc Recognized on CRN’s 2023 MSP 500 List
CRN®, a brand of The Channel Company, has named GraVoc to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2023!
The Cybersecurity Implications of ChatGPT
Is ChatGPT a security risk? In this blog post, we explore the cybersecurity implications of ChatGPT, including the benefits and challenges.