Georgia DHS Data On Kids & Families Exposed In Cyberattack – Expert Comments

By   ISBuzz Team
Writer , Information Security Buzz | Oct 13, 2020 04:37 am PST

The Georgia Department of Human Services (DHS) notified the public of a recent cyberattack in which bad actors gained unauthorized access to employee email accounts that revealed the PII and PHI of children and adults involved in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS). A data privacy and security expert with Stealthbits offers perspective.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Dan Piazza
Dan Piazza , Technical Product Manager
October 13, 2020 12:37 pm

While details on how the attack occurred are scarce, it\’s not surprising that this level of personally identifiable information (PII) was stored in emails rather than secure locations. Email is one of the largest repositories of sensitive information within any organization\’s network, and is the primary communication mechanism both internally and externally. Within any organization, emails can and will contain all kinds of different information, much of it sensitive. This includes message bodies, attachments, calendar appointments, notes, tasks, contacts, and more.

Sensitive information such as what was stolen in this breach shouldn\’t be available simply by compromising an email account, and this breach demonstrates why it\’s important to frequently audit networks, including email, to determine which mailboxes, servers, and users represent the most risk for sensitive data. Data Access Governance software can help locate this data, classify it, secure over-provisioned access to that data, and monitor for unauthorized or abnormal data access activity.

Last edited 3 years ago by Dan Piazza

Recent Posts

Would love your thoughts, please comment.x