Join our subscribers
U.S. Defense Agency That Secures Trump’s Communications Confirms Data Breach
Friday, February 21, 2020
While many of the details surrounding this breach are likely to remain, understandably, confidential, given the nature of the DISA work, the letter itself has already been published on Twitter by one recipient. Signed by Roger S. Greenwell, the chief information officer at DISA, the letter revealed the breach took place between May and July last year, and information including social security numbers may have been compromised as a result. It also stated that there is no evidence that any personally identifiable information (PII) has been misused as a result. The letter does, however, confirm that DISA will be offering free credit monitoring services to those who want it.
Is the DISA disclosure just the tip of an incident iceberg?
Ilia Kolochenko, CEO at security specialist ImmuniWeb, said that an investigation needs to be conducted, as a matter of urgency, to ascertain if any other systems were impacted. "Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks," Kolochenko said, adding "access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable of bypassing virtually any modern layers of defense." That the disclosure letters confirm this breach occurred between May and July 2019, I would hope that such a forensic investigation has long-since been instigated. The delay in these letters being sent out may also "be an indicator of attack sophistication," Kolochenko concluded, "and what has been reported so far may just be the tip of the iceberg." Read Full Article
SC Media: ISS World faces cyber-attack; employees worldwide left offline
