SIS Blog

The 4 Most Critical Government-Level Security Breaches of the Last Decade (and What We Learned)

by | Aug 19, 2021

Government systems are complex. There’s a massive account of data to manage—much of it confidential. Add to that regulatory and compliance-related requirements for government offices and government partners and things get even more complicated. These complexities make agencies especially vulnerable to government security breaches, ransomware and other rising cyber threats.

Why Cybersecurity Is So Critical for Government Agencies

There’s no argument about the dangers posed by cybercriminals. The average cost of a breach in 2020 was pegged at $3.86 million. And that doesn’t even take into account damage to an organization’s reputation, loss from business continuity, and even penalties levied from cyber-attacks.

Government offices are particularly attractive targets for cyber crime. After all, government systems are full of sensitive data. Plus, there are more than a few would-be cybercriminals looking to make political statements via cyberattack.

RELATED: 4 Challenges to Real-Time Security Monitoring (And Ways to Overcome Them)

Looking Back at Cybersecurity Breaches

The more devious the breach tactics employed by cybercriminals; the more sophisticated mitigation strategies need to become. Previous breaches give us valuable information about how cybercriminals work.

Over the last decade, threat vectors have expanded and four critical government-level security breaches stand out. Here’s a look into those incidents, the cause, and key takeaways.

1.  United States Postal Service 2018

Over 60 million records of user data were left exposed for more than one year. Records could be read and amended by anyone with a USPS account.

What Was the Cause?

An authentication failure was identified in the USPS Application Programming Interface (API). A researcher discovered that the API was programmed to accept “wildcard” searches. Individuals simply needed to log into the USPS public system and initiate a query to access records.

A researcher reported flagging this issue more than a year before the USPS fixed it.

What Can We Learn?

We need to examine and assess APIs, as well as all systems and software touching the network, to ensure ongoing security. We also need to be ready to make changes and modifications on an ongoing basis without delay.

YOU MIGHT ALSO LIKE: Alarm Monitoring Best Practices: Creating Efficient Processes

2.  National Security Agency 2019

A National Security Agency contractor stole 50 terabytes of government files from the NSA. The files were later found in the contractor’s home and car but had not been leaked.

What Was the Cause?

Harold Martin worked for Booz Allen Hamilton, a subcontractor to the NSA. During the course of his work, he had access to top-secret government files, including those dedicated to national security.

Martin was able to take files to his home to study. He used this access clearance to steal vast amounts of government data. He was eventually sentenced to nine years in prison.

What Can We Learn?

Contractors and hires need to be thoroughly vetted in a consistent method according to established company policy. Policies and procedures need to prevent unauthorized access to information. High-security areas need to incorporate two-factor authentication for access control and facial recognition or biometrics as another step for protection of digital assets. Tracking and monitoring of access to computers and network programs should identify physical breaches and intrusions immediately—and report those to management for response.

3.  California Secretary of State 2017

Cybercriminals stole at least 17 million voter records and held this data for ransom. The records related to voters in the state of California. It included names, addresses and other personally identifiable information. As many as 19.2 million records were targeted.

What Was the Cause?

Hackers found that the systems designed to protect voter data were too weak. This meant they could access and view the information before copying it to their own database and locking the system.

Although they could have sold this information for fraudulent purposes, the hackers decided to carry out a ransomware attack, demanding a fee to release the information. The ransom was paid in Bitcoin.

Investigators did not uncover the identity of the attacker. Nor did they discover whether or not the information had been sold or leaked elsewhere.

What Can We Learn?

Organizations need to implement comprehensive ransomware defenses and train employees to recognize phishing attempts and other potential signs of a takeover. These defenses include robust, automated protection of data and policies for dealing with malicious actors.

Ransomware attacks are an ongoing threat and businesses need to be ready.

YOU MIGHT ALSO LIKE: Integrating IT and Physical Security

4.  GovPayNow 2018

Government Payment Service Inc. leaked more than six years’ worth of customer data.

The organization operated a government payment portal and regularly handled transactions for customers. Data included names and addresses, as well as personal credit card information. It is estimated more than 14 million records were breached.

What Was the Cause?

A coding issue within the portal system enabled the viewing of customer receipts. This issue was quickly noted and brought to the attention of management. However, it took a long time for action to be taken.

Systematic failures have been blamed for exacerbating the problem. While the issue was picked up as early as 2012, the problem persisted up until 2018.

What Can We Learn?

Penetration testing or pen tests needs to be a key aspect of security. With this approach special cybersecurity teams are deployed to examine, test and assess the integrity of the security system. If there is a security issue, teams need to know what actions to take immediately. They need to patch any security flaws and recommence testing to ensure the problem is fixed.

Wrapping Up

Government data storage needs to be incredibly secure and in compliance with regulations and policies.

Unfortunately, even with the highest levels of cybersecurity protection, cybercriminals still find ways into government systems and their attacks have become more sophisticated. Looking at some of the worst breaches over the last decade gives us valuable insight into how these criminals think.

As soon as we close one loophole, cybercriminals will start looking for another attack vector. The job of maintaining security is never done, but it too must evolve as cyber criminals continue to step up their game.

KEEP READING: Outdated Technology Could Be Hurting Your Security

View More Posts

a federal building outside view

The Role of Risk Management in Government Security Budgets

As a security professional, you might be dreaming of the top-notch security infrastructure you could create if only you were given unlimited time and resources. But it’s rare to have that luxury, especially if you’re working with a government security budget. In the real world, deploying your resources as effectively
a federal building in washington dc

How to Protect Your Government Agency From Insider Threats

Do you have a strategy for dealing with insider threats inside your government agency? Insider threats pose significant risks to organizations because they can compromise highly sensitive data, systems, and operations. And because of the nature of the work government agencies do, the repercussions of insider threats can be especially
security guard in front of monitors

Why It’s Essential to Prioritize Physical Security in a Digital World

In our time advising and partnering with government organizations over the decades, we have observed how budgets have shifted to embrace both the possibilities of digital innovation and the challenges of digital security. Advances in the fields of AI, smart cities, and the growing Internet of Things continue to shape