The United States’ federal defense agency responsible for ensuring safe communications with many high profile personalities including President Donald Trump, national leaders, and military operations, admitted experiencing a security breach.
The data breach occurred at Defense Information Systems Agency (DISA) in 2019, however, it is yet unclear whether or not the entire data belonged to DISA.
The unknown attackers managed to hack Personally Identifiable Information (PII) including Social Security Numbers of approx. 200,000 individuals, as per the revelation from the Department of Defense’ spokesperson Chuck Prichard.
In a letter sent by DISA to the affected individuals and mainstream news agencies on February 11, 2020, it was explained that the cyberattack took place between May and July 2019 and that the system hosted by DISA was affected by the security breach.
See: Two arrested for Hacking DC Security Cameras Before Trump Inauguration
It is clearly written in the letter that there is no indication of the misuse of PII.
It is worth noting that DISA has a policy under which the agency is liable to inform individuals if their personal data has been compromised. Furthermore, the agency has offered credit card monitoring of the affected individuals free of charge.
Prichard stated that the department has chosen not to reveal the actions taken to mitigate the vulnerabilities or risks because of operational security reasons.
DISA is responsible for providing IT support and direct telecom facility to President Trump, Vice President Mike Pence, the US Secret Service, staff of the president, the chairman of the Joint Chiefs of Staff and senior officers from the military.
See: FEMA leaks sensitive details of 2.3 million disaster survivors
Interestingly, in a report published in June by the Senate Homeland Security and Governmental Affairs’ Subcommittee, it was noted that as many as seven out of eight federal agencies offered insufficient protection to PII. Though DISA’s name wasn’t included in the agencies reviewed by the subcommittee, the hack does reveal shortcomings in its data protection methods.