Vulnerability disclosure policies eyed for federal contractors in Senate bill

The legislation from Sens. Warner and Lankford would require federal contractors to adhere to NIST’s guidelines on VDPs.

The post Vulnerability disclosure policies eyed for federal contractors in Senate bill appeared first on CyberScoop.

Agencies don’t know what sensitive data new IT systems collect on Americans, GAO report finds

A rise in breaches of federal agencies involving personally identifiable information in recent years highlights the ongoing challenge the federal government faces in protecting privacy

The post Agencies don’t know what sensitive data new IT systems collect on Americans, GAO report finds appeared first on CyberScoop.

China could add new sets of genome data to espionage treasure trove, US officials warn

With coronavirus testing offering new avenues for collecting sensitive health data, U.S. intelligence officials have issued a fresh warning about Chinese government operatives’ alleged longstanding practice of using medical information for espionage. The public advisory released Monday by the U.S. National Counterintelligence and Security Center cautions that Beijing could pair DNA datasets with the millions of records thought to be in the hands of Chinese spies from the 2015 hacks of health insurer Anthem and the Office of Personnel Management, and the 2017 breach of credit-monitoring firm Equifax. (Beijing has repeatedly denied using hacking to steal sensitive data.) The concern is that Chinese authorities could use the data trove to extort or manipulate U.S. government officials or corporate executives. For example, the NCSC worries that Beijing could use knowledge of someone’s genetic vulnerability to addiction or past bouts with mental illness to coerce them into handing over U.S. government secrets. […]

The post China could add new sets of genome data to espionage treasure trove, US officials warn appeared first on CyberScoop.

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

The post Senate investigation finds agencies ‘unprepared’ to protect Americans’ data appeared first on CyberScoop.

DOJ regrets the error on OPM-linked fraud case

The Department of Justice has apologized for confusion over its announcement last month that a fraudster used information stolen in the infamous 2015 Office of Personnel Management breach — an episode that confounded lawmakers and ran counter to publicly available information on the breach. The confusion began after DOJ announced on June 18 that a Maryland woman had pleaded guilty to using stolen OPM data to get car and personal loans. The public assumption had been – and still is – that Chinese hackers had stolen the data for espionage purposes. But DOJ now says that it hasn’t yet determined whether the woman and her accomplice got the data from the OPM breach or somewhere else. After an internal review, the U.S. Attorney’s Office for the Eastern District of Virginia appended a statement to its press release saying that “numerous victims” of the fraud self-identified as victims of the OPM breach. “The government […]

The post DOJ regrets the error on OPM-linked fraud case appeared first on Cyberscoop.

Lawmakers demand answers in wake of strange OPM identity fraud lawsuit

With mystery swirling around an identity theft case where prosecutors have claimed the perpetrators used personal information included in the Office of Personnel Management breach, two lawmakers are pushing the government for more information. A pair of letters sent this week by Sen. Mark Warner, D-Va., and Rep. Gerry Connolly, D-Va., to the heads of the Department of Justice and OPM issues a number of questions about the alleged identity fraud charges. The Virginia lawmakers are especially interested in learning how the defendants acquired the data. On June 18, the Eastern District of Virginia announced that a Maryland woman had pleaded guilty to identity theft charges. That press release initially said the data used in that crime was from the OPM breach. On June 21, the district issued a correction to their press release, stripping any mention of the breach. Virginia is home to the single largest population of federal […]

The post Lawmakers demand answers in wake of strange OPM identity fraud lawsuit appeared first on Cyberscoop.

Capitol Hill staffers learn what really happens when there’s a data breach

In the past three years, U.S. lawmakers have struggled to nail down key details of how two of the biggest data breaches in history affected the public and private sectors. “How far back does your information database go that was compromised?” former Utah Rep. Jason Chaffetz demanded of then-Office of Personnel Management director Katherine Archuleta at a June 2015 hearing. Chaffetz berated Archuleta for failing to secure OPM’s IT systems, from which alleged Chinese hackers extracted data on 22 million current and former federal workers. “I just hope we get to the bottom of this…because this is a mess,” Rep. Ben Ray Luján, D-N.M., said in October after questioning former Equifax CEO Richard Smith on when he knew hackers had struck the credit-reporting firm. The breach compromised data on 148 million people. To try to demystify future breach-related discussions on Capitol Hill, cybersecurity firm FireEye held a quiet training session for roughly […]

The post Capitol Hill staffers learn what really happens when there’s a data breach appeared first on Cyberscoop.

Mulvaney: CFPB hit by over 200 data ‘lapses’

The head of the Consumer Financial Protection Bureau revealed Thursday that the agency had suffered some 240 “lapses” in data security over an unspecified time period, in addition to a suspected 800 other such incidents. “We have been able to document about 200-odd – I think 240 – lapses in our data security,” Acting CFPB Director Mick Mulvaney told the Senate Committee on Banking, Housing, and Urban Affairs during a hearing on the bureau’s semi-annual report to Congress. “Lapses – is that a breach?” Sen. David Perdue, R-Ga., asked Mulvaney during a tense exchange. “I think data got out that should not have gotten out,” Mulvaney replied, adding, “there’s another 800 [incidents] that we suspect that we haven’t been able to confirm.” As part of its mandate to protect consumers, the CFPB has the right to collect data on credit card transactions, mortgages, and car loans, Mulvaney said. “Everything that […]

The post Mulvaney: CFPB hit by over 200 data ‘lapses’ appeared first on Cyberscoop.

FBI Arrests Another Hacker Who Visited United States to Attend a Conference

The FBI has arrested a Chinese citizen for allegedly distributing malware used in the 2015 massive OPM breach that resulted in the theft of personal details of more than 25 Million U.S. federal employees, including 5.6 Million federal officials’ finger…
