The Department of State is the latest U.S. government agency to be hacked, with data stolen from one of its email servers.

First reported by Politico Monday, the hack was reported to employees by the department in an email Sept. 7 that stated that they had detected “activity of concern … affecting less than 1 percent of employee inboxes.”

“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the email is claimed to have said. “We have notified those employees.”

In a statement, the State Department confirmed the breach while at the same time emphasizing that the data breach pertained to an unclassified email server and did not involve the theft of classified information. The department went on to note that it is working with other government agencies to determine the source of the attack, in addition to bringing in an unnamed private sector security firm to assist in the investigation.

Ryan Wilk, vice president of customer success at NuData Security Inc., told SiliconANGLE that governments and online companies that provide services online must secure all the links in their security chain.

“Bad actors look for the weakest point to access information, so companies have to be extra diligent in keeping their security up to date on all placements,” Wilk said. “Additionally, companies that identify users online need to devalue the data that bad actors steal and use to misrepresent legitimate users – like they do in account takeover attacks.”

Rich Campagna, chief marketing officer at Bitglass Inc., noted that there’s little room for error.

“This is particularly true of governmental groups that are supposed to be serving citizens and protecting their personal information,” he said. “Unfortunately, despite the amount and type of data that these organizations handle, many are unprepared when it comes to cybersecurity. Institutions that expose data lose the trust of employees and consumers, while individuals who have their information stolen may be forced to grapple with the long-term effects of identity theft.”

Campagna suggested that governmental organizations must adopt modern security technologies. “Dynamic identity management solutions, for instance, can verify users’ identities, detect potential intrusions, and enforce multi-factor authentication in a real-time, step-up fashion,” he said.

Image: State Department