Defence Information Systems Agency (DISA), have sent a urgent warning out to its users that their personal information could have been compromised after a serious data breach which is believed to have taken place in the months of May and July 2019.
DISA, who also send out secure communications for the White House, triggered their security alarm after receiving a letter from the CIO Roger Greenwell last week, notifying that details including Social Security numbers may have been breached on one of DISA's systems. Despite their being no sufficient evidence of the apparent breach, DISA still plan to let their users know that their personal data (PII) could have fallen into the wrong hands.
As well as working for the White House, DISA also provide IT support to the US Secret Service, Joint Chiefs of Staff and others. DISA is now providing free credit monitoring to those whose data might be comprised. It has now put in place extra security methods “to prevent future incidents,” as well as adopting “new protocols” to improve protection of PII.
Chris Morales, head of security analytics at Vectra, has said awareness of breaches like this needs to be improved for any future threats.“It is an unfortunate situation and another in a long list of breaches as we head into 2020. Organisations need to get better at how long it takes to be aware of a compromise and how quickly they can respond. Visibility into how systems are used is key.”
Reports have indicated that around 200,000 users could be affected. These could range from DISA employees to users that rely on DISA services. Despite these reports on the current threat towards DISA, the two key questions that still have not been answered are: who exactly carried this out; and even more importantly why?