US Dept of State says data breach exposed employees' personal data

Well, this is embarrassing.

The US Department of State has confirmed that it has suffered a breach which exposed the personally identifiable information of some employees.

News of the breach was first reported by Politico, who pointed out that the department has often been a target for state-sponsored hacks.

(Perhaps the most notable incident occurred in 2014, when the department was attacked by Russian hackers and an NSA Deputy Director described the battle for control over the State Department’s systems as virtually “hand-to-hand combat.”)

According to reports, the State Department detected “suspicious activity” against one of its email systems, exposing information about an undisclosed number of employees.

“The Department recently detected activity of concern in its unclassified email, affecting less than 1 per cent of employee inboxes.”

Affected employees have been notified, and there has been no detection of suspicious activity related to the Department’s classified email system.

TechCrunch points out that earlier this year an analysis of federal cybersecurity measures determined that only 11% of the State Department’s devices are protected with some form of multi-factor authentication.

, for instance, recently underlined how successful their adoption of multi-factor authentication had been – noting that none of the technology giant’s 85,000 employees had been successfully phished on their work-related accounts since early 2017, when staff were given hardware keys.

As five senators pointed out in a letter to Secretary of State Mike Pompeo, that is a breach of the Federal Cybersecurity Enhancement Act, which requires all executive branch agencies to enable multi-factor authentication for all accounts with “elevated privileges”.

Multi-factor authentication is not a guarantee that an account cannot be hacked, but it does make it significantly harder for hackers to breach accounts and steal sensitive data.

You would like to think that the US Department of State would understand the importance of rolling out multi-factor authentication. After all, there’s been rather a lot in the news of late about how hackers from other countries might have an unhealthy interest in breaking into US government email accounts…


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
