Government computers are under attack with hackers being linked to China. According to the Assocaited Press, Hackers breached personnel data and Social Security numbers from EVERY federal employee. This is the third hack attack this year on the United States Government, with the most recent being earlier this month. Earlier this month the IRS was the target of an attack when transcripts for over 100,000 taxpayers were compromised. Investigators have said that as much as $39 million may have been stolen by hackers filing false refund requests.
The most recent attack is worse than previously stated by the Government. The sensitive data that was stolen were forms known as Standard Form 85 and 86. These forms contain personal information such as social security numbers, mental illness, drug and alcohol use and any financial difficulties. Not only were these forms accessed, but they were likely also unencrypted. This is extremely alarming to learn that the United States Government never encrypted their mot sensitive data protecting their employees.
Joel Brenner, a former counterintelligence official for the U.S government spoke to ABC news and stated:
“This tells the Chinese the identities of almost everybody who has got a United States security clearance, that makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”
The Office of Personnel Management (OPM) was the target of this attack. The OPM is responsible for the records of military and veterans records containing information such as their address, birth date, job and pay history, health insurance, pension information, age, gender and race data. The OPM is also a repository for sensitive data collected through background checks of employees and contractors who hold security clearances. The OPM has downplayed the attack, saying what was hacked ‘could include’ personnel files. Their reports have been sketchy and unclear and we predict more information was stolen than is being reported.
GraVoc’s information security practice provides IT assurance, consulting, and audit solutions that help businesses secure IT and information assets. For more information regarding GraVoc’s services, please visit: https://www.gravoc.com/information-security/
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.