By Bruce Sussman
Fri | Feb 21, 2020 | 8:21 AM PST

When cybersecurity professional Andy Piazza received a data breach notification letter from the Department of Defense, he posted it on Twitter.

Someone then asked him, which U.S. government data breach is this from? Here was his response:

"Interestingly enough, I can't think of one that was public and the letter doesn't specify other than a timeframe"

Perhaps the letter didn't specify because it was a breach of the agency that oversees White House Communications with the U.S. military.

BBC confirms DoD data breach

The BBC reached out to the U.S. Department of Defense and learned that Piazza's letter was related to the breach of a small but crucial government agency:

"The US Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.

The agency oversees military communications including calls for US President Donald Trump.

The data exposed included names and social security numbers.

The agency is responsible for the military cyber-security and it sets up communications networks in combat zones."

With most U.S. Social Security numbers already available for sale or trade on the Dark Web, we'll take this breach as another sign that the difference between cyberwar and physical war is fading.

We'd sure like to know how long hackers were in the DISA network and what kind of lateral moves they were able to make.

For example, in the Equifax mega-breach, newly unsealed court documents revealed that Chinese nation-state hackers found valid service credentials on the Equifax network after the initial breach, which allowed them to gain even greater access. For more, see Equifax Hackers Charged: How the Chinese Did It.

This is common hacker practice. And it makes us wonder about the damage done at DISA.

Department of Defense data breaches are growing

Just as we're seeing in the private sector, the number of breach notifications from government agencies is increasing as well.

One thing Andy Piazza points out on Twitter is that this is turning into a game of Pokemon.

"Awesome. Got another #PII #breach letter from DoD. Is this like pokemon where I want to catch them all?"
