The State Department was hit with an email breach which exposed the personal information of some of its employees.
The agency sent a notice dated Sept. 7 which described the incident as “activity of concern … affecting less than 1% of employee inboxes” adding the breach did not affect the agency’s classified email server, according to Politico.
“Governments and online companies that provide services online must secure all the links in their security chain,” Ryan Wilk, Vice President of Customer Success for NuData Security said. “Bad actors look for the weakest point to access information, so companies have to be extra diligent in keeping their security up to date on all placements.”
Wilk added companies that identify users online, need to devalue the data that bad actors steal and use to misrepresent legitimate users – like they do in account takeover attacks.
He said that personally identifiable information such as names and passwords become valueless to cybercriminals when organization create a new authentication framework that identifies customers by their online behavior instead of relying on credentials.
This will allow them to still recognize the person behind the device or block transactions altogether when fraud is detected. The department did not say whether or not they knew who was behind the breach.