Expert Analsysis Of US Defense Agency Says Personal Data 'Compromised' In 2019 Data Breach

A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been compromised “in a data breach” on a system hosted by the Defense Information Systems Agency (DISA). It’s believed Social Security numbers and other sensitive personal data and information may have been taken in the data breach between May and July 2019, but it’s not known if the data was stored on a classified system.

The US Defense Dept confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) were hacked, exposing the personal data of about 200,000 people.

The agency oversees military communications including calls for Donald Trump
https://t.co/byqDFlp6cG

— ❄in the hizzy (@TheKellyLlama) February 21, 2020

Experts Comments

Dot Your Expert Comments

David Emm

February 24, 2020

Principal Security Researcher

Kaspersky

A third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment.

The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent cyber-attacks, which includes taking steps such as educating employees about risks, using password managers, installing security software, and regularly updating systems. This can put businesses on the path to fully protecting themselves against cyber-threats. Read Less

Rosa Smothers

February 24, 2020

SVP of Cyber Operations

KnowBe4

No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees.

It’s a painful irony that the agency charged with providing secure comms for the White House has fallen victim to a data breach. Though a lot of employee information may have been disclosed during the OPM hack, this will disclose vital PII of employees hired since then. No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees with admin access to highly sensitive networks.

Tal Zamir

February 24, 2020

Founder and CTO

Hysolate

But they're still using the same techniques to get their way in - though endpoints.

For years we had been seeing the number of days it takes to identify a breach reduce year over year, but just this year that number climbed again and it's because attackers are getting better and smarter at covering their tracks. But they're still using the same techniques to get their way in - though endpoints. Once an attacker has made their way onto an endpoint, it's far too easy for them to gain access to credentials and pivot their way to sensitive information. We recommend that organizations isolate sensitive information - especially defense organizations that arguably hold some of the most valuable secrets and data. It's critical to keep this information locked-down and separate from the areas where workers conduct day-to-day activities which are more at risk. Read Less

Ilia Kolochenko

February 21, 2020

Founder and CEO

ImmuniWeb

Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing.

The details of the reported breach are pretty obscure. At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance. However, an in-depth investigation should be urgently conducted to ascertain whether other systems or devices have been impacted. Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks. Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable to bypass virtually any modern layers of defense. The present disclosure timeline seems to be impermissibly protracted given that the breach reportedly happened almost a year ago. This may be an indicator of attack sophistication, and what has been reported so far may just the tip of the iceberg. Read Less