- The data breach reportedly affected the State Department’s cloud-hosted unclassified email system.
- It is unclear whether the State Department has been able to determine the identity of the cybercriminals behind the attack.
The US State Department’s cloud-hosted unclassified email system reportedly suffered a breach recently. The State Department’s employees were sent an internal notification, informing them about the breach on September 7.
In its internal alert, the State Department said that the breach is an “activity of concern”. It also confirmed that the breach impacted less than 1 percent of employee inboxes. The State Department also said that the classified email system was not affected by the attack.
However, some staffers’ personally identifiable information (PII) is believed to have been exposed as a result of the breach. The State Department is offering the affected employees three years of free credit monitoring and other identity monitoring services as a precautionary measure.
A US official told Politico that the State Department has assembled a task force to investigate the incident. It is unclear whether the State Department has been able to determine the identity of the cybercriminals behind the attack and how it was orchestrated.
"This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment," State Department spokeswoman Nicole Thompson told Politico.
Meanwhile, last week, a bipartisan group of senators wrote a letter to Secretary of State Mike Pompeo that raised concerns about the State Department not being up to meeting the federal cybersecurity standards. The letter also raised concerns about whether the department is vulnerable to cyberattacks and urged for “more secure authentication mechanisms” to be implemented across the State Department.