
DISA breach likely exposed personal data on at least 200K


The breach at one of the networks
of the Defense Information Systems Agency (DISA), which secures communications
for President Trump and military intelligence and other government officials, affected
as many as 200,000 people, exposing their personal information, including
Social Security numbers.

In a Feb. 11 letter to potential victims, DISA
offered few details of the breach that occurred between May and July 2019, according
to a Reuters report,
though a DISA spokesperson said they were given “information about
actions that can be taken to mitigate possible negative impacts.”

Noting that the agency took “the potential compromise
very seriously,” DISA Chief Risk Officer and CIO Roger Greenwell wrote that DISA
had “put additional security measures in place to prevent future incidents” and
is “adopting new protocols to increase protection of all PII.”

Since DISA hasn’t provided many
details on the breach, “we don’t know if the Department of Defense (DoD) knew
about the breach and didn’t share details, or if they only just discovered the
breach,” said Chris Morales, head of security analytics at Vectra. “The thought
that comes to mind immediately here is that if the DoD can be compromised, that
anyone can. Every network is complex and human error is common regardless of
the level of organization.”

Morales said the “information compromised seems to be
non-critical to the function of the DoD (although very personal and private to
the people compromised) so it may have been an external database without the
same level of controls as internal secret information.”

Ilia Kolochenko, founder and CEO of ImmuniWeb, agreed that on the surface, the incident seems to be “comparatively insignificant.” But he urged an in-depth investigation “to ascertain whether other systems or devices have been impacted.”

Nation-state attackers frequently “commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks,” Kolochenko said. “Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable to bypass virtually any modern layers of defense.”

The disclosure timeline may hold some clues as to the severity of the attack and what’s to come. It “seems to be impermissibly protracted given that the breach reportedly happened almost a year ago,” said Kolochenko. That might very well indicate “attack sophistication, and what has been reported so far may just be the tip of the iceberg,” he explained.

Source: https://www.scmagazine.com/home/security-news/disa-breach-likely-exposed-personal-data-on-at-least-200k/
