US State Department confirms: Unclassified staff email boxes hacked

Pompeo's peeps get free credit monitoring after some inboxes cracked open, data swiped

The US State Department has confirmed one of its email systems was attacked, potentially exposing the personal information of some of its employees.

Uncle Sam's officials said in a statement to The Register on Tuesday that "suspicious activity" in its email system led it to send out warnings to a number of employees whose personal information may have been exposed to network intruders.

However, it didn't specify exactly what information had been accessed, though it noted that no classified data had been accessed – those documents are transmitted through a separate email system.

"The Department recently detected activity of concern in its unclassified email system, affecting less than 1 per cent of employee inboxes. Like any large organization with a global presence, we know the Department is a constant target for cyber attacks," El Reg was told.

"We have not detected activity of concern in the Department’s classified email system. We determined that certain employees’ personally identifiable information (PII) may have been exposed. We have already notified those employees."

arrest

Chinese chap collared, charged over massive US Office of Personnel Management hack

READ MORE

The State Department has promised to foot the bill for three years of credit and identity theft monitoring to those workers. According to its own estimates, the State Department employs around 69,000 people, meaning if the numbers are to be believed somewhere around 600-700 people were impacted by this incident.

So far, there is no word on who might have been responsible for the network breach and when they might have done it.

"This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment," the State Department said.

"We will reach out to any additional impacted employees as needed."

As it stands, this will not shape up to be a major data loss on the scale of, say, the 2015 OPM network breach, when hackers made off with more than 25 million government employee personnel records. ®




Biting the hand that feeds IT © 1998–2018