Big data breach to state dept still unpatched, no encryption the cause
Four months after one of the largest data breaches to hit a state agency, in which hackers stole 3.8 million Social Security numbers, 3.3 million bank account numbers and information on 700,000 businesses, the department's systems are still not close to being secured.
According to USA Today, full encryption of the department's data files is months away from completion. Officials are waiting on a consultant to be hired to begin an overall security assessment, and lawmakers are waiting on a final report before deciding how much money will be spent on protecting taxpayer data among its agencies.
The Greenville online noted that the first breach occurred after an employee opened a phishing email, which allowed the hacker access to the department's data system. Over a period of weeks, the hacker painstakingly combed the department's system remotely using the employee's stolen credentials. After thoroughly going through the system, the hacker was able to acquire data files totaling 74 GB over the course of two days.
Lack of encryption blamed for theft
Although agencies collecting sensitive and financial information are often high-profile cyberattack targets, the state agency failed to encrypt all of its stored information, despite previous recommendations by security experts.
Compounding the problem of the data breach, the department also failed to encrypt its computer hardware, and it did not use the free state network monitoring service to detect any malware presence.
As is often the case with government data breaches, politicians have been busy deflecting responsibility and assigning blame rather than focusing on correcting the problem. Four months later, security experts acknowledge that security gaps still exist within the department's system.
One lesson businesses, developers and governments can take away from this episode is that data encryption and cryptographic technologies go a long way toward protecting data.