Homeland Security Hack Exposes External Cyber Crisis Dangers

Cyber criminals can strike your organization without ever touching your systems directly

Earlier this month, the U.S. Department of Homeland Security announced a hack targeting a contractor who performs many of its background checks that exposed the data of at least 25,000 government workers.

Among the stolen data is a bevy of highly personal and confidential data, especially concerning since signs point to this being an attack by an enemy nation-state.

The Washington Post’s Ellen Nakashima was one of the first to share details:

The (background check) company, USIS, said in a statement that the intrusion “has all the markings of a state-sponsored attack.”

The breach, discovered recently, prompted DHS to suspend all work with USIS as the FBI launches an investigation. It is unclear how many employees were affected, but officials said they believe the breach did not affect employees outside the department. Still, the Office of Personnel Management has also suspended work with the company “out of an abundance of caution,” a senior administration official said.

“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the breach, department spokesman Peter Boogaard said. “We are committed to ensuring our employees’ privacy and are taking steps to protect it.”

More than anything, this incident raises red flags about the crises that can occur even if your own systems are sufficiently secured.

The question you need to ask yourself is, “am I devoting even a small percentage of the time cyber criminals are putting towards taking my data to actually protecting it?”

If the answer’s no, well, you’re asking for trouble.

Jonathan & Erik Bernstein