US Defence Agency Notifies Users of Serious Breach


A US government agency that provides communications to the White House with security has notified individuals of a data breach. This breach could have compromised their personal information. The Defence Information Systems Agency (DISA), which also offers the President, Vice-President, US Secret Service, Joint Chiefs of Staff and more with IT support, employs around 8,000 military and civilian staff.

However, a letter from its CIO, Roger Greenwell, revealed that private details including Social Security numbers may have been breached “on a system hosted by DISA.”

“While there is no evidence to suggest that your PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised,” it continued.

There are very few additional details regarding the information, such as which systems were affected, how and by whom. As well as this, it is unclear whether the incident is affected by just DISA employees or a wider base of those who use its services. Some reports have speculated that up to 200,000 could be involved.

The breach is said to have taken place between May and July 2019.

The agency is dealing with the situation by offering free credit monitoring to those affected. On top of this, it has implemented additional security measures “to prevent future incidents,” as well as adopting “new protocols” to improve the protection of PII.

Chris Morales, head of security analytics at Vectra, said that if it is possible for a US defence agency to be compromised then “anyone can.”

“Every network is complex and human error is common regardless of the level of organization. The information compromised seems to be non-critical to the function of the DoD — although very personal and private to the people compromised — so it may have been an external database without the same level of controls as internal secret information,” he added.

“It is an unfortunate situation and another in a long list of breaches as we head into 2020. Organizations need to get better at how long it takes to be aware of a compromise and how quickly they can respond. Visibility into how systems are used is key.”

Join us for GovSec 2020

Whitehall Media’s award-winning 7th annual GovSec conference aims to enable the government to function effectively, safely and securely through improved IT and information security to protect the vital services provided by the central government, local councils and the NHS. The all-day conference explores how public sector organisations and professionals can make sense of securing their functions in a rapidly changing environment.