The attack could have exposed employees’ personal information
The US State Department has confirmed that a hacker or group of hackers managed to infringe one of their email systems, an event that could potentially expose the personal information of some of their employees, as reported by ethical hacking specialists from the International Institute of Cyber Security.
The incident appears to have compromised at least 1% of the inboxes of the government office employees, representing between 600 and 700 employees affected out of the 96k people working in the State Department.
“Recently, the Department detected suspicious activity in its non-classified e-mail system, which affects less than 1% of employees’ inbox. Like any large organization with global presence, we know that the State Department is an attractive target for computer criminals”, says a statement from the Department. “We have not detected particularly disturbing activity in the compromised system; employees possibly affected by this situation have already been notified”.
As it has been found, the research is ongoing and the Department is working with partner agencies, as well as with ethical hacking service providers to conduct a full case assessment.
After the agency discovered the “suspicious activity” in its email system, it notified the incident to employees whose personal information might have been compromised. The State Department did not disclose to what kind of data the attackers had accessed, it has only made the mention that it is “unclassified” information, possibly personal data.
The agency claims that it has taken measures to secure its systems; for example, it is offering three years of monitoring of identity and payment card theft prevention to affected employees.
Concern of US legislators
A group of senators launched a statement addressed to Secretary of State Mike Pompeo last week expressing their concern about the flawed federal cybersecurity and ethical hacking standards, questioning the resistance of US federal agencies facing cyberthreats.
The Secretary of State’s response is expected in the coming weeks.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.