The U.S. State Department said that some employees’ information might have been exposed in a recent security incident.
In a notice shared by Politico, the State Department disclosed that “activity of concern” on an email system might have exposed some employees’ personally identifiable information (PII). IT personnel inside the Department determined that the activity affected just one percent of employees inboxes. They also learned that the incident was confined to a single unclassified system.
The State Department revealed that it’s currently working with partner agencies to fully review its internal systems and learn more about what happened. In the meantime, it said it will be offering three years of free access to credit monitoring and identity theft protection services to affected employees.
The authors of the notice also took a moment to remind employees about the importance of maintaining a positive security culture at the State Department:
This is a good opportunity to remind everyone that we all play an important role in protecting Department information, especially when it comes to the use of secure and safe passwords, and reporting suspicious activity. All security-related threats must be reported to the DS Cyber Incident Response Team (DS/CIRT)…. In addition, we remind all employees to limit and be cautious about the amount of PII and other sensitive information transmitted over email, and ensure that emails containing PII are marked as “Official — Privacy/PII.”
This isn’t the first time the State Department has suffered a security incident that’s become known to the public. In 2014, a group of Russian hackers were responsible for breaching computer systems at the State Department along with an unclassified network at the White House.
These incidents highlight the importance of federal agencies taking steps to protect their networks against digital threats and ensure their compliance with federal regulations. Click here to learn how Tripwire can help.