Federal law enforcement is investigating claims of an anonymous hacker allegedly infiltrating the personal email account of CIA Director John Brennan earlier this month.
According to a report by The New York Post, Brennan’s private AOL account contained sensitive information, including Social Security numbers and personal information of more than a dozen top American intelligence officials, as well as his 47-page application for top-secret security clearance.
Furthermore, the anonymous hacker told The New York Post in an interview that he had also gained access to the online Comcast account of Department of Homeland Security Secretary Jeh Johnson.
Twitter accounts supposedly controlled by the intruder, @phphax and @_CWA_, have since posted multiple screenshots of the purported documents, including Brennan’s alleged contact list and cell phone bill.
The FBI and the U.S. Secret Service are now investigating the hacker, who may face criminal charges, said law enforcement sources.
The report comes in the wake of much controversy over presidential candidate Hillary Clinton and her use of a personal email server during her tenure as Secretary of State.
Regardless of the politics involved, senior security analyst at Tripwire Ken Westin says the issue outlines challenges of “shadow IT,” either in government or the enterprise.
“When IT administrators do not have control of or access to systems and data, it is difficult to identify if sensitive data has been exposed, either directly or indirectly,” said Westin.
“The silver lining of [these issues] is that there has been increased visibility of the risks of political leaders running their own IT systems, which reflects stronger policy enforcement and detection in place to mitigate the risks of ‘shadow IT’ within the government, particularly amongst senior leaders with access to classified and sensitive data.”