UPDATED 21:40 EST / FEBRUARY 20 2020

SECURITY

Agency that secures US government and military communications suffers data breach

A data breach has hit the Defense Information Systems Agency, the U.S. Department of Defense agency tasked with providing information technology and communications support to the White House, Secretary of Defense, military services and combat commands.

The personal data of about 200,000 people, including names and Social Security numbers, may have compromised, though the agency said it has no evidence data was stolen. The breach was disclosed in a letter to those who were affected, Reuters reported today.

Details are slim on exactly what took place, but the breach occurred between May and July 2019 on a system hosted by DISA. When asked for direct comment by the BBC, a DOD spokesperson did not provide any further details but did confirm that the agency was notifying those affected, adding, “DOD networks are under attack daily and the department maintains an active posture to thwart those attacks.”

Given that the agency is responsible for secure communications at the White House and for military commands, concerns have been raised that the data breach may have affected national security.

“The details of the reported breach are pretty obscure,” Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE. “At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance.”

Kolochenko said an in-depth investigation should be conducted. “Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the internet and then silently propagate to all other interconnected systems in a series of chained attacks,” he said. “Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable of bypassing virtually any modern layers of defense.”

Chris Morales, head of security analytics at cybersecurity firm Vectra AI Inc., noted the lack of details about the breach.

“If the DOD can be compromised, that anyone can,” Morales said. “Every network is complex and human error is common regardless of the level of organization.”

Suggesting that this could be a yet another case of an unsecured online database, Morales added that “the information compromised seems to be noncritical to the function of the DOD, although very personal and private to the people compromised, so it may have been an external database without the same level of controls as internal secret information.”

Photo: Scott Air Force Base

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU