White House Data Breach

Malicious actors have penetrated the networks of the Department of Defense (DoD) agency tasked with securing and managing electronic communications for the White House. They have leaked personally identifiable information (PII) of White House staff, including Donald Trump and Mike Pence, which raises major red flags about the security of communications among U.S. officials as the 2020 election gets underway.

The breach became public on Friday through a Reuters report, which confirmed that affected parties at the Defense Information Systems Agency (DISA) had been sent letters informing them of the breach.

Figure: DISA command flow chart for White House security operations.

DISA acts as a provider of telecommunications and IT management for the President and other White House executive staff. This includes the U.S. Secret Service, the chairman of the Joint Chiefs of Staff and other senior members of the armed forces, according to the agency’s website.

DISA employs about 8,000 people, including military and civilians, but is known to contract some private companies that have federal contractor certifications. Interestingly, DISA was part of the task force that helped reform the government contractor security clearance process following the U.S. Office of Personnel Management attacks in 2014 and 2015. Those breaches compromised the records of about 21 million government employees, and the current DISA breach is estimated at 200,000, according to Forbes.

Notification documents started to leak onto social media over the weekend, stating, “During the May to July 2019 time frame, some of your personal information, including your social security number, may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency.” The letter was signed by Roger Greenwell, DISA CIO and risk management executive.

Figure: DISA disclosure letter about the White House data breach, from Roger Greenwell.

DISA does not believe that any data from the breach has been misused, according to the letter, but these sorts of data breaches are not typically about the data used immediately after the attacks. Instead, malicious acts against nations tend to be just a small part of a broader attack. Use of breached data can go on for years as malicious actors engage in ongoing spear phishing attacks and data mining operations to work their way deeper into secure systems.

With the stolen data, talented hackers can work their way into the most secure environments, exposing data critical to the nation’s security.

“We take this potential data compromise very seriously,” Greenwell wrote. “As a result we have put additional security measures in place to prevent future incidents and we are adopting new protocols to increase protection of all PII.”

The nature of those additional security measures has not been disclosed, but DISA is going forward under the assumption that the attack was state-sponsored.

“No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees with admin access to highly sensitive networks,” Rosa Smothers, senior vice president of cyber operations, KnowBe4, said in an email. “It’s a painful irony that the agency charged with providing secure comms for the White House has fallen victim to a data breach.”

The breach will likely have serious implications for the upcoming presidential election.

With the memory of alleged meddling by “Russian hackers” in the 2016 election, the electoral consequences of international cybercrime are still very much on the minds of American voters. If there is one thing the United States does not need right now, it is a major undermining of the integrity of the vote.

At GoVanguard, we recommend a systematic approach to information security. Carefully and simply implemented security protocols can minimize the risk of exposure to data breaches and the penalties that follow them. To stop state actors' malicious attacks on the integrity of U.S. elections and the Republic itself, compliance protocols must be in place. That is why we have a rigorous cybersecurity risk assessment and program implementation regimen in place!

Reach out to us today and see how easy it is to take control of your security to keep the nation secure.