image

632,000 DOJ And Pentagon Email Addresses breached!

The email addresses of about 632,000 employees from the Justice and Defense departments were accessed in a hack earlier this year, Bloomberg reported Monday, adding to the number of organizations—including airlines, universities and other U.S. agencies—impacted by a series of data breaches largely blamed on a Russian-speaking criminal group.

KEY FACTS

The accessed email addresses, links to government employee surveys administered by the agency and internal agency tracking codes, according to a report by the Office of Personnel Management obtained by Bloomberg.

Hackers obtained access through a file transfer program called MOVEit used by the data firm Westat, which OPM uses to administer employee surveys, according to the Bloomberg report.

Impacted employees at the Defense Department reportedly included officials from the Air Force, the Army, the Army Corps of Engineers, the Office of the Secretary of Defense and the Joint Staff.

The hack—which occurred on May 28 and May 29—was characterized by OPM as a “major incident,” according to Bloomberg, though the agency believed that compromised data was “generally of low sensitivity” and was not classified.

Neither the Justice Department nor the Defense Department immediately responded to requests for comment from Forbes.

KEY BACKGROUND

A massive data breach occurred earlier this year after hackers targeted weaknesses in the file transfer software MOVEit, which is used by several government agencies. Private companies and other government agencies have also been affected by data breaches, including Shell, the BBC, British Airways, Johns Hopkins University, the University of Georgia and the Energy Department. About a dozen U.S. agencies have contracts with MOVEit, according to Politico. The breaches have been blamed on the Russian-speaking ransomware group CLoP, which has taken credit for other hacks involving MOVEit. The group estimated its victims to be in the hundreds, according to the Associated Press. Jon Easterly, director of the Cybersecurity and Infrastructure Security Agency, said in June the hacks do not present a “systemic risk to our national security or our nation’s networks.”

BIG NUMBER

3.5 million. That’s the estimated number of Oregon residents who had their personal information exposed in a data breach at the Oregon Department of Transportation in June, according to the department. The information included social security numbers, dates of birth, physical addresses and other information listed on a driver’s license.