Here’s Mandiant’s report on the breach at the South Carolina Department of Revenue. From the Executive Summary, a summary of the attack: Summary of the Attack A high level understanding of the most important aspects of the compromise are detailed below. 1. August 13, 2012: A malicious (phishing) email was sent to multiple Department of…
Category: Government Sector
Security breach after photos of Prince William shared online
TVNZ reports: Photographs showing a day in the life of Prince William posted online by St James’ s Palace have caused an embarrassing security blunder for the Ministry of Defence in the United Kingdom. The ministry was yesterday forced to reset the user names and computer passwords of dozens of Royal Air Force staff after…
PK: Crucial data from Balochistan prison chief’s office stolen
Essa Tareen of News Tribe reports: The credibility of government’s information system is being questioned after important data was stolen from the office of Balochistan Inspector General of Prisons. According to sources, the data was stored in the hard disks of the computer situated inside the office of the IG. The data related to the…
Haley: SCDOR hacking may not have been preventable
Color me stunned. In one breath, Governor Haley says that even with what is known now, there is “no way to say it could have been prevented.” Then we learn that investigators “believe that a hacker tricked someone at the Department of Revenue into opening a file that gave the hacker access to the system.”…
Agencywide Message to All NASA Employees: Breach of Personally Identifiable Information
SpaceRef posted a breach notification from NASA, dated today: […] On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee’s locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the…
Chicago election site exposed personal information
John Byrne and Hal Dardick report: Chicago election board officials confirmed Tuesday that sensitive personal information for about 1,200 people was exposed online but denied allegations by a computer security firm that the breach was much broader. The firm, Forensicon, announced it uncovered the problem while researching voting patterns. It alleged that personal information of…