[BreachExchange] DISA Confirms Data Breach Affecting 200, 000 People

[Destry Winant]

https://www.nextgov.com/cybersecurity/2020/02/disa-confirms-data-breach-affecting-200000-people/163258/

The Defense Department’s technical arm suffered a data breach last
summer that may have exposed Social Security numbers and other
personally identifiable information of more than 200,000 people.

First reported by Reuters, the Defense Information Systems Agency
acknowledged the breach in letters to affected employees this week
dated Feb. 11—some of which ended up on social media—and said the
breach occurred sometime between the May to July 2019 timeframe.

“While there is no evidence to suggest that any of the potentially
compromised PII was misused, DISA policy requires the agency to notify
individuals whose personal data may have been compromised,” Defense
Department spokesman Charles Pritchard told Nextgov in a statement.
“Individuals possibly affected by this incident will receive letters
containing initial notification of the situation. They will
subsequently receive additional correspondence with information about
actions that can be taken to mitigate possible negative impacts.”

DISA, which provides secure communications for the president, vice
president and other senior White House staff, did not disclose which
system was breached, the perpetrators or who may have had their data
compromised. Roger Greenwell, DISA’s chief risk officer and chief
information officer, said in letters to potential breach victims that
the agency has “put additional security measures in place to prevent
future incidents and we are adopting new protocols to increase
protection of all PII.”

In a statement, Pritchard said the Defense Department “has conducted a
thorough investigation of this incident and taken appropriate measures
to secure the network.”