Last weekend, more than 9,300 Department of Homeland Security (DHS) employees’ personal information was leaked online, all stemming from an apparent data breach to the DHS networks. Not only were those identities exposed, but the Twitter user that publicized the information immediately followed suit by exposing an additional 22,000 Federal Bureau of Investigation (FBI) employees’ information.
Employee information included names, titles, email addresses and phone numbers, putting individuals at high risk for identity theft and ultimately risking exposure for sensitive data the DHS and FBI networks may hold, jeopardizing national security. These are seemingly two of the U.S.’s most protected databases, so how in the world did they get infiltrated? The short answer for this incident and many in the current cyber landscape – through just one employee’s email account.
“It only takes one employee’s data to find the key to the castle – no matter how protected the walls are,” said Kevin Lancaster, ID Agent chief executive officer. “We see it happen time and time again, hackers are gaining access to major databases because organizations often overlook the human factor in their cybersecurity posture. One employee gets compromised and that’s all it takes to bring those castle walls down.”
The Key to Two of the Most Protected Castles
According to a source, the DHS and FBI hackers got into the systems by compromising the email account of a Department of Justice (DOJ) employee, after which a hacker claimed, “I clicked on it and I had full access to the computer.” It doesn’t take a seasoned IT professional to see how easy it would be to navigate through a network given this kind of access. These targeted attacks are happening more often and are complicating the way organizations determine how secure their networks are.
Taking Immediate Action in the Case of a Breach
At the time the leak was initially being publicized, ID Agent was able to track and identify the “data dumps” immediately after they were released. While hackers’ motives vary and cyber incidents only are able to be prevented to a certain degree, deploying a monitoring tool like Dark Web ID can help an organization take action in the case they fall victim to a cyber crime and quickly deploy a breach response. It’s time both the C-suite and Security teams start to take threat intelligence seriously. As soon as this type of data is published, organizations need to be notified.
ID Agent also provides pre- and post-breach identity monitoring for employees – a now tax-free benefit – to add another important layer to an organization’s breach plan. Keep in mind that this incident is not isolated in exploiting an individual employee’s email address to access the greater network, or in this case, multiple networks.