The latest government data breach affected State Department employee emails. On September 7th, workers were notified that their personally identifiable information was obtained by an unnamed actor, according to a recent report from Politico. It apparently impacted “less than one percent” of employees and direct victims of the breach were alerted at the time. Apparently, this didn’t affect classified information, so at least there’s that.
In a statement to Politico the State Department confirmed the breach and said that it was working with other government agencies to determine the source of the attack, in addition to tapping a firm from the private sector to aid the investigation.
Tuesday morning, news came out that Government Payment Service — more or less an online clearing house local governments use for accepting funds — compromised 14 million customer records dating back some six years. From the sounds of it, the State department breach is much narrower in scope, at least. That doesn’t change Uncle Sam’s reputation for digital security though, nor does it reverse the breach regardless of how small it may have been.
TechCrunch reports that two-factor authentication is only in place on around 11 percent of required devices at the State Department, citing a study from earlier this year. The wheels of bureaucracy move slow, sure, but that doesn’t mean we should simply accept our government’s willingness to wallow in ineptitude and let hackers make away with sensitive data.