SIS Blog

The 4 Most Critical Government-Level Security Breaches of the Last Decade (And What We Learned)

Aug 19, 2021

Government systems can be complex. There is a massive amount of data to manage, much of it highly sensitive. Add the regulatory and compliance-related requirements that apply to government offices and government partners, and things get even more complicated quickly.

Those complexities make government agencies vulnerable to data breaches, ransomware and other rising cyber threats.

Over the last decade, threat vectors have expanded, and four critical government-level security breaches stand out. Here is a look at those incidents, their causes and the key takeaways.

Why Cybersecurity Is So Critical for Government Agencies

We’re well beyond the time when there was any question about the dangers cyber-criminals pose. The average cost of a breach in 2020 was pegged at $3.86 million. And that doesn’t even take into account damage to an organization’s reputation, loss of business continuity and penalties levied after cyber-attacks.

Government offices are particularly attractive targets for cybercriminals. After all, government systems are full of sensitive data. Plus, there are more than a few would-be cybercriminals looking to make political statements via cyberattack.


Looking Back at Cybersecurity Breaches

The more devious the breach tactics employed by cybercriminals, the more sophisticated mitigation strategies need to become. Previous breaches give us valuable information about how cybercriminals work.

Here are four of the most significant recent government-level cybersecurity breaches and what we can learn from them.

1.  United States Postal Service 2018

Over 60 million records of user data were left exposed for more than one year. Records could be read and amended by anyone with a USPS account.

What Was the Cause?

An authentication failure was identified in the USPS Application Programming Interface (API). A researcher discovered that the API was programmed to accept “wildcard” searches. Individuals simply needed to log into the USPS public system and initiate a query to access records.

A researcher reported flagging this issue more than a year before the USPS fixed it.

What Can We Learn?

We need to examine and assess APIs, as well as all systems and software touching the network, to ensure ongoing security. We also need to be ready to make changes and modifications on an ongoing basis without delay.


2.  National Security Agency 2019

A National Security Agency contractor stole 50 terabytes of government files from the NSA. The files were later found in the contractor’s home and car but had not been leaked.

What Was the Cause?

Harold Martin worked for Booz Allen Hamilton, a subcontractor to the NSA. During the course of his work, he had access to top-secret government files, including those dedicated to national security.

Martin was able to take files to his home to study. He used this access clearance to steal vast amounts of government data. He was eventually sentenced to nine years in prison.

What Can We Learn?

Contractors and hires need to be thoroughly vetted in a consistent manner according to established company policy. Policies and procedures need to prevent unauthorized access to information. High-security areas need to incorporate two-factor authentication for access control, with facial recognition or other biometrics as a further step in protecting digital assets. Tracking and monitoring of access to computers and network programs should identify physical breaches and intrusions immediately, and report them to management for response.

3.  California Secretary of State 2017

Cybercriminals stole at least 17 million voter records and held this data for ransom. The records related to voters in the state of California and included names, addresses and other personally identifiable information. As many as 19.2 million records were targeted.

What Was the Cause?

The attackers found that the systems designed to protect voter data were too weak. This meant they could access and view the information before copying it to their own database and locking the system.

The attackers could have sold this information for fraudulent purposes. Instead, they decided to carry out a ransomware attack, demanding a fee to release the information. The ransom was paid in Bitcoin.

Investigators did not uncover the identity of the attacker. Nor did they discover whether or not the information had been sold or leaked elsewhere.

What Can We Learn?

Organizations need to implement comprehensive ransomware defenses and train employees to recognize phishing attempts and other potential signs of a takeover. These defenses include robust, automated protection of data and policies for dealing with malicious actors.

Ransomware attacks are a growing threat, and businesses need to prepare.


4.  GovPayNow 2018

Government Payment Service Inc. leaked more than six years’ worth of customer data.

The organization operated a government payment portal and regularly handled transactions for customers. Data included names and addresses, as well as personal credit card information. It is estimated that more than 14 million records were breached.

What Was the Cause?

A coding issue within the portal system allowed customer receipts to be viewed without authorization. The issue was quickly noted and brought to the attention of management. However, it took a long time for action to be taken.

Systemic failures have been blamed for exacerbating the problem. While the issue was picked up as early as 2012, the problem persisted until 2018.

What Can We Learn?

Penetration testing (pen testing) needs to be a key aspect of security. With this approach, dedicated cybersecurity teams are deployed to examine, test and assess the integrity of the security system. If there is a security issue, teams need to know what actions to take immediately. They need to patch any security flaws and then test again to ensure the problem is fixed.
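The USPS and GovPayNow incidents above share one root cause: a logged-in user could read records that belonged to someone else, either through a wildcard query or by asking for a receipt directly. The following added illustration (not code from USPS, GovPayNow or this blog) shows a simplified lookup endpoint in both its vulnerable and hardened form, plus the authorization regression check a pen-test or CI suite would run against it. Record ids, owner names and the in-memory store are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    record_id: str
    owner: str
    payload: str

class Forbidden(Exception):
    pass

# Constructed sample store: records owned by two different users.
RECORDS = {
    "r-1001": Record("r-1001", "alice", "alice's receipt"),
    "r-1002": Record("r-1002", "bob", "bob's receipt"),
    "r-1003": Record("r-1003", "bob", "bob's second receipt"),
}

def search_vulnerable(caller: str, pattern: str) -> list:
    """Authenticated but not authorized: the caller must be logged in,
    yet a wildcard returns every record and a direct id returns any
    record, regardless of who owns it."""
    if not caller:
        raise Forbidden("login required")
    if pattern == "*":
        return list(RECORDS.values())
    return [r for r in RECORDS.values() if r.record_id == pattern]

def search_hardened(caller: str, pattern: str) -> list:
    """Same entry point with object-level authorization: wildcards are
    rejected at the boundary, and results are filtered to the caller's
    own records before anything leaves the function."""
    if not caller:
        raise Forbidden("login required")
    if any(ch in pattern for ch in "*%?"):
        raise ValueError("wildcard patterns are not accepted")
    return [r for r in RECORDS.values()
            if r.record_id == pattern and r.owner == caller]

def authz_regression(search) -> dict:
    """Check that one user cannot reach another user's records, either via
    a wildcard or by naming the record id. True means the control held."""
    results = {}
    try:
        hits = search("alice", "*")
        results["wildcard_blocked"] = all(r.owner == "alice" for r in hits)
    except ValueError:
        results["wildcard_blocked"] = True
    cross = search("alice", "r-1002")  # record owned by bob
    results["cross_user_blocked"] = len(cross) == 0
    return results
```

Running `authz_regression` against both functions shows the vulnerable endpoint failing both checks and the hardened one passing them; the same check belongs in the regression suite after a fix so the flaw cannot quietly return years later.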

Wrapping Up

Government data storage needs to be secure: incredibly secure, and in compliance with regulations and policies.

Unfortunately, even with the highest levels of cybersecurity protection, cybercriminals still find ways into government systems and their attacks have become more sophisticated. Looking at some of the worst breaches over the last decade gives us valuable insight into how these criminals think.

As soon as we close one loophole, cybercriminals will start looking for another attack vector. The job of maintaining security is never done, and it must keep evolving as cybercriminals continue to step up their game.
