Welcome to the

AdGuardian Plus Blog


Data breach in a US government agency

us government agency - data breach

A US government agency notified its 8,000 employees that an attack compromised their personal data. The Defense Information Systems Agency (DISA) provides secure communications to the White House. Its CIO, Roger Greenwell revealed that the attackers stole the Social Security numbers from a “system hosted by DISA”. Regardless it is a security agency.

“While there is no evidence to suggest that your PII (personally identifiable information) was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised”, he mentioned in a statement.

But he offered very few details about the affected systems, who and how attacked them. The attack happened between May and July 2019. Still, it is not clear if it also affected a wider base of users of DISA’s service, or just its employees. Thus, according to some speculations, about 200,000 people could be involved.

But the agency announced it would help those affected by monitoring the data. Also, it put in place additional security “to prevent future incidents”. Also, the agency mentioned it adopted new protocols to improve protection of the personal data.

A serious attack with little damage

Despite the DISA’s statements, security specialists consider the incident as very serious, as it compromised a US government defence agency. Security specialists consider that the compromised information might not be critical to the function of the DoD. “Although very personal and private to the people compromised. So, it may have been an external database without the same level of controls as internal secret information,” Chris Morales, head of security analytics at Vectra, mentioned.

But he also believes that this is an unfortunate situation. Thus, he considers that “Organizations need to get better at how long it takes to be aware of a compromise and how quickly they can respond. Visibility into how systems are used is key.”

Related posts

Facebook dislikes an honest ad campaign and bans it


Scam ads on Facebook and Google, despite flagging


Malvertising campaign affected millions of innocent users

NewsSecurity Tips

Study: How do ransomware threats look this year?

Leave a Reply

Your email address will not be published. Required fields are marked *