UPDATED 23:13 EDT / SEPTEMBER 18 2018

INFRA

Data stolen in hack of US Department of State email server

The Department of State is the latest U.S. government agency to be hacked, with data stolen from one of its email servers.

First reported by Politico Monday, the hack was reported to employees by the department in an email Sept. 7 that stated that they had detected “activity of concern … affecting less than 1 percent of employee inboxes.”

“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the email is claimed to have said. “We have notified those employees.”

In a statement, the State Department confirmed the breach while at the same time emphasizing that the data breach pertained to an unclassified email server and did not involve the theft of classified information. The department went on to note that it is working with other government agencies to determine the source of the attack, in addition to bringing in an unnamed private sector security firm to assist in the investigation.

Ryan Wilk, vice president of customer success at NuData Security Inc., told SiliconANGLE that governments and online companies that provide services online must secure all the links in their security chain.

“Bad actors look for the weakest point to access information, so companies have to be extra diligent in keeping their security up to date on all placements,” Wilk said. “Additionally, companies that identify users online need to devalue the data that bad actors steal and use to misrepresent legitimate users – like they do in account takeover attacks.”

Rich Campagna, chief marketing officer at Bitglass Inc., noted that there’s little room for error.

“This is particularly true of governmental groups that are supposed to be serving citizens and protecting their personal information,” he said. “Unfortunately, despite the amount and type of data that these organizations handle, many are unprepared when it comes to cybersecurity. Institutions that expose data lose the trust of employees and consumers, while individuals who have their information stolen may be forced to grapple with the long-term effects of identity theft.”

Campagna suggested that governmental organizations must adopt modern security technologies. “Dynamic identity management solutions, for instance, can verify users’ identities, detect potential intrusions, and enforce multi-factor authentication in a real-time, step-up fashion,” he said.

Image: State Department

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.