The State Department recently suffered a data breach in which the personal information on a small amount of employees was exposed.
According to a report in POLITICO, citing a notice sent to the State Department’s employees, the government agency described the breach as “activity of concern” that affected less than 1 percent of employee email inboxes. The alert was confirmed to POLITICO by two U.S. officials.
“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert said. “We have notified those employees.” The report noted that the State Department has previously faced criticism for having lax cybersecurity protection. Last week, a bipartisan group of senators sent Secretary of State Mike Pompeo a letter asking how the department was responding to the criticism. The report noted that Pompeo hasn’t responded to the letter.
“This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment,” Nicole Thompson, a spokesperson for the State Department, told POLITICO. The report noted that the State Department has long been a target for hackers, particularly those working for governments outside the U.S.
In March of 2016, a former State Department employee was sentenced to 57 months in prison as punishment for an international email phishing, hacking and cyberstalking scheme that ensnared hundreds of victims, both in the United States and abroad. As noted in a release by the Justice Department at the time, Michael C. Ford was sentenced in the Northern District of Georgia. Ford pled guilty in December of last year to nine counts of cyberstalking, along with another seven counts of computer hacking to extort and one count of wire fraud. Ford admitted that, in the timeframe of Jan. 2013 to May 2015, during a tenure of employment at the U.S. embassy in London, he took on various online aliases to commit the aforementioned crimes, with the addition of “sextortion” campaigns that led to victims providing Ford with personal information and, in some cases, sexually explicit videos. He typically targeted females, some of them in college.