The US State Department was Recently Hit by a Cyber Attack

 

According to a Fox News correspondent, the US State Department was hit by a cyberattack, and the Department of Defense Cyber Command was notified of a potentially significant breach. The date of the breach is unknown, but it is thought to have occurred a few weeks ago, according to the Fox News reporter's Twitter thread. The current mission of the State Department to withdraw Americans and allies from Afghanistan has "not been harmed," according to the reporter. 

Without confirming any incident, a reliable source told Reuters that the State Department has not encountered any substantial disruptions and that its operations have not been hampered in any manner. On Saturday, a State Department official told CNBC that the agency "takes seriously its responsibility to safeguard its information and takes constant steps to ensure it is protected."

“For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time,” the spokesperson said. 

The Senate Committee on Homeland Security and Government Affairs gave the State Department's information security programme a D grade earlier this month, the lowest possible rating given by the government model. The panel found the department to be "ineffective in four of five function areas." 

“Auditors identified weaknesses related to State’s protection of sensitive information and noted the Department did not have an effective data protection and privacy program in place,” it added. The Senate committee also discovered that the department was unable to demonstrate that it had violated data security measures while in transit and at rest. 

According to a cybersecurity report by the Senate Committee, the agency was unable to provide documentation for 60% of the sample employees evaluated who had access to its classified network. On its classified and unclassified networks, the State Department left thousands of employee accounts active even after they had left the agency for significant periods of time—in some cases as long as 152 days after employees quit, retired, or were dismissed. 

“Former employees or hackers could use those unexpired credentials to gain access to State’s sensitive and classified information, while appearing to be an authorized user,” the report stated.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/3zc3lkT

Comments