Commentary on DoD data breach from Chris Morales, Vectra
February 2020 by Chris Morales, head of security analytics at Vectra
Yesterday there was news that the Department of Defense was hit with a data breach. The personal data of about 200,000 people, including names and Social Security numbers, may have been compromised, though the agency said it has no evidence data was stolen. The breach was disclosed in a letter to those who were affected. The breach occurred between May and July 2019 on a system hosted by the Defense Information Systems Agency (DISA).
Following this news, Chris Morales, head of security analytics at Vectra, has provided his thoughts:
“We don’t know if the Department of Defense knew about the breach and didn’t share details, or if they only just discovered the breach.
The thought that comes to mind immediately here is that if the Department of Defense can be compromised, that anyone can. Every network is complex and human error is common regardless of the level of organisation.
The information compromised seems to be non-critical to the function of the DoD (although very personal and private to the people compromised) so it may have been an external database without the same level of controls as internal secret information.
It is an unfortunate situation and another in a long list of breaches as we head into 2020. Organisations need to get better at how long it takes to be aware of a compromise and how quickly they can respond. Visibility to how systems are used is key.”