CNBC is reporting today that the Pentagon disclosed a cyber breach of Defense Department travel records that compromised the personal information and credit card data of up to 30,000 U.S. military and civilian personnel. IT security experts commented below.
“In context, this breach at DOD is potentially part of a much larger campaign by several well-known nation-states to build out a comprehensive database on our civilian and military population, our businesses, and all of their activity from one end of the supply chain to the other. They are possibly collecting databases and information, and building cross-indexes to utilize all of this data. This is in addition to all of the other nefarious activities they attempt when breaching our online information technology assets. This activity won’t stop. In fact, left unchecked it will get worse. Increasing cybersecurity risk necessitates that we stop talking and start deploying known best practices that can afford some protection. These include end-to-end encryption of data, both in the cloud and on-premise, the use of two-factor authentication, network segmentation, and more.”
Michael Magrath, Director, Global Regulations & Standards at OneSpan, Inc.
“The sad truth is that many of the affected individuals in the DoD breach had been victimized in other large and small-scale breaches over the past few years, including 2015’s Office of Personnel Management breach that affected 21.5 million federal employees and contractors.
“The treasure trove of personally identifiable data on the Dark Web just continues to grow, enabling fraudsters to steal identities or create new, synthetic identities using a combination of real and made-up information, or entirely fictitious information. For example, the personal and credit card information obtained in the DoD breach could be cross-referenced with data obtained from the OPM breach and other widely publicized private sector breaches.
“Cyberattacks will continue and it is imperative that public and private sector organizations not only deploy the latest in authentication and risk-based fraud detection technologies in their organizations, but also make sure that all third-party partners have equal cybersecurity measures in place.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security