While it is basically never good news to wake up and find out one’s federal government has been successfully hacked, there is something much worse seeming about it when the two departments hacked are in charge of protecting the citizenry from things like cybercrime and terrorism. But that is the story Americans are waking up to today (Feb. 9), as news is breaking that both the Department of Justice and the Department of Homeland Security have suffered a data breach.
The latest attack has seen a cyberattacker make it out the digital door with the information of thousands of employees at the two departments. The goods news — such as there is any — is that only employee data was nabbed, but no other sensitive information seems to have been stolen.
According to reports from internal officials, the bulk of the data seems to have been drawn from government directories, which include employees’ email addresses, phone numbers and job titles.
The story first seems to have come to light when tech news site Motherboard reported on Sunday that it had been approached by a hacker claiming to have gotten hands on employee information on about 20,000 people at the FBI and 9,000 at the Department of Homeland Security.
The hacker noted the intention was to embarrass federal agencies into improving cybersecurity operations. He released his data yesterday afternoon.
Officials at the Justice Department and the Department of Homeland Security said they were examining the breach.
“There is no indication at this time that there is any breach of personally identifiable information,” said Peter Carr, a spokesman for the Justice Department. Marsha Catron, a Homeland Security spokeswoman, echoed that statement.
Investigators are also trying to figure out if there is a connection between this breach and an attack last fall that released the email addresses of Jeh Johnson, the Homeland Security secretary, and John O. Brennan, the CIA director. That hacker group expressed pro-Palestinian positions, as does this newest hacker.
The new breach does not appear to have resulted from an attack using an outside computer to penetrate the system. Instead, officials said, they believe that the intruder impersonated a government employee and used that information to get into other parts of the system.
A much bigger intrusion that targeted the Office of Personnel Management exposed security clearance dossiers and sensitive information for nearly 22 million Americans. Chinese hackers were thought to have been behind the attack, which was much more sweeping than officials initially acknowledged publicly last year.