CIA Director John Brennan’s personal @AOL.com email account was hacked into by a high school student and his personal information was exposed on WikiLeaks on October 21, 2015. They published his Social Security numbers, passport numbers, credit card and addresses of his family and associates. In addition, they released emails and documents generated before Brennan’s time in the Obama administration and while it did not contain classified government information, this has triggered great concern within the intelligence community and U.S. Government.
The recent Ashley Madison hack doesn’t just have divorce attorneys and spouses scrambling. Federal, municipal and plenty of private sector employers are all on high alert. And they should be.
The IRS has announced that over 104,000 taxpayers have had their personal data stolen, including names, dates of birth, and social security numbers, as the result of a data breach last month. The repercussions of this data breach have been severe for those affected, as hackers have already been able to use the stolen past tax returns to submit fraudulent tax returns under their stolen identity and direct the tax refunds to prepaid debit cards. As a result of government data breaches, the IRS has announced that over 200,000 tax returns were received from “questionable” email domains, and it is estimated that 100,000 were able to clear the IRS’ authentication system.
We often hear from the public sector that web-based attacks that occur at companies like Adobe, Forbes, Sony, or Anthem are not their problem. Public Sector organizations secure their own networks with the best hardware, detection software, and penetration testing, and have in place stringent rules about passwords and top-notch use policies that ensure they are safe. In every case, the security chain is only as strong as its weakest link.
The Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), was designed to expand the reach of law enforcement on the local, state, and federal levels to combat against cyber attacks.