The Department of Defense Cyber Command issued notifications of a possible serious breach as the US State Department is the latest to fall victim to a cyber-attack. It is still unclear if any department operations were affected by the breach. But a source linked to the mass evacuation of thousands of Americans and Afghans from Kabul said Operation Allies Refuge has not been affected. The extent of the breach and the perpetrators behind the attack remain unclear. The Department’s spokesperson informed a news channel and said, “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cyber-security incidents at this time”.
However, the exact timing of the breach is still unknown. The news of the breach came just weeks after a Senate Homeland Security Committee report rated the department’s overall information security program as a “D” grade. It is the lowest possible rating within the federal government’s model. The report said the department’s security to be ineffective in 4 of 5 function areas and highlighted the fact that sensitive national security information was at risk. The Committee said names, dates of birth, and social security numbers used for passport vetting were among the sensitive information. The Committee added, “Auditors identified weaknesses related to State’s protection of sensitive information and noted the Department did not have an effective data protection and privacy program in place”.
The Senate earlier report pointed out that the State Department did not perform timely and required security assessments that were also addressed in a 2015 Inspector General report. Reuters also reported that the US State Department was recently hit by a major cyber-attack. However, it is unclear when the breach was discovered, but they believe it has happened a couple of weeks ago. The news agency also reported that the State Department’s ongoing mission to evacuate Americans and allied refugees from Afghanistan has not been affected. A spokesperson for the State Department said, “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cyber-security incidents at this time”.