The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people.
“The Department recently detected activity of concern in its unclassified email system, affecting less than 1 per cent of employee inboxes. Like any large organization with a global presence, we know the Department is a constant target for cyber attacks,” states the US State Department.
“We have not detected activity of concern in the Department’s classified email system. We determined that certain employees’ personally identifiable information (PII) may have been exposed. We have already notified those employees.”
The security breach affected an unclassified email system at the State Department, the news of the hack came to light after Politico obtained a “Sensitive but Unclassified” notice about the incident.
“This is an ongoing investigation, and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.” a State Department spokesperson told Politico.
“We will reach out to any additional impacted employees as needed.”
After the Agency noticed the “suspicious activity” in its email system notified the incident to a number of employees whose personal information may have been compromised.
US State Department didn’t reveal which kind of data had been accessed by attackers, at the time of writing we only know that no classified information had been exposed.
The Agency claimed it took steps to secure its system, and it is offering three years of credit and identity theft monitoring to the affected employees.
A group of senators wrote to Secretary of State Mike Pompeo last week raising concerns that the department did not meet federal standards for cybersecurity and questioning its resilience to cyber attacks.
“Sens. Ron Wyden (D-Ore.), Rand Paul (R-Ky.), Ed Markey (D-Mass.), Jeanne Shaheen (D-N.H.) and Cory Gardner (R-Colo.) asked Pompeo for an update on what the State Department has done to address its “high risk” designation, and how many cyberattacks the department had been subject to abroad in the last three years.” reported TheHill.
“Pompeo was asked to respond by Oct. 12.”
(Security Affairs – US State Department, Data Breach)