REGISTER

email 14 48

June 5, 2015 - Hackers based in China are behind the massive data breach that could have compromised the personal data of at least 4 million current and former federal employees.

The cyber breach occurred this week at the US Office of Personal Management (OPM), which is the human resources arm of the US Government and is responsible for processing security clearance s for contractors and federal employees, the FT reports.

Sen. Susan Collins, R-Maine, a member of the Senate Intelligence Committee, told the Associated Press that investigators suspect the cyberattack was carried out by the Chinese. She said the breach was "yet another indication of a foreign power probing successfully and focusing on what appears to be data that would identify people with security clearances."

The OPM said it will be sending out notices to over 4 million current and former federal employees whose personal data may have been hacked. The Department of Homeland Security (DHS) also said that data from the Interior Department, which manages land, has also been comprised.

In the statement released yesterday, DHS said that its intrusion detection system, Einstein, identified the hack of OPM's systems and also the Interior Departments data centre. However, it was not mentioned why the system did not detect the breach until after the records had been copied or stolen.

The attack on the OPM is one of many cyber attacks on the US Government and if confirmed, the incident would be the second major breach by Beijing in less than a year.

The DHS said that it is continuing to monitor federal networks for suspicious activity and is working to investigate the extent of the breach, while the FBI said in a statement that it is working with interagency partners to also investigate the breach.

According to Fox News, since the news of the breach Congress man Adam Schiff, D-Calif, has called on the senate to pass cybersecurity legislation that passed through the House earlier in the year. "This bill will not be a panacea for the broad cyber threats we face, but is one important piece of armour in our defences that must be put in place- now," Schiff said.

Responding to the news of the breach, industry experts have said that this is a targeted attack against a nation and that other countries should understand the potential risks employee data can have if it gets into the wrong hands.

Gavin Millard, technical director of Tenable Network Security said that the UK Government has been proactive in this area by setting up a Cyber Essentials program, which helps organisations to protect themselves against common cyberattacks. "The UK Government has been aware of the risks associated with the huge amounts of data held on employees by themselves and external agencies for some time. They have been pushing an approach of reducing the risk of loss by focusing on foundational controls through their Cyber Essentials program, which is already having an impact with many external recruitment agencies gaining certification to enable them to place candidates."

Millard said that the Cyber Essentials scheme "should enable organisations to drive security improvement through businesses that haven't historically taken data loss as seriously as they should. Good cyber hygiene - through ensuring vulnerable systems are identified and patched in a timely manner, systems are configured to be secure, user and network access controls are sound and finally malware defence is deployed and up to date, will reduce the risk of data loss."

In November, a former Department of Homeland Security official disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.

CyberBanner

Log in Register

Please Login to download this file

Username *
Password *
Remember Me

CyberBanner

CyberBanner

CyberBanner

Go to top