[ad]
Ahah! More government cover-ups? This one was a while back too.
Digging on those archives right now yah.
A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department’s nuclear weapons agency, scary eh?
The US government security really does scare me sometimes, their internal departments have some of the lowest IT security scores…there are SO many data leaks and successful hacks, I mean I appreciate they have a sprawling infrastructure which makes it hard to maintain, but please, at least try?
For example Homeland Security scored an F again for Internal Security.
And this time it was covered up..
But the incident, somewhat similar to recent problems at the Veterans Affairs Department, was last September yet senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said.
The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, New Mexico. The file contained information about contract workers throughout the agency’s nuclear weapons complex, a department spokesman said.
NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month.
It was as always blamed on ‘miscommunication’ but it’s bullshit as the people involved meet every day..
The oversight and investigations subcommittee learnt of this and launched their panel into action.
The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE’s inspector general, told the committee. But he said that while improvements have been made, “significant weaknesses continue to exist,” making the unclassified computer system vulnerable to hackers.
Last fall, a so-called “Red Team” of DOE computer specialists — seeking to test the security safeguards — succeeded in hacking into and gaining control of a DOE facility’s computer system, the panel was told.
“We had access to sensitive data including financial and personal data…. We basically had domain control,” said Glenn Podonsky, director of DOE’s Security and Safety Performance Assessment. “We were able to get passwords, go from one account to another.”
Perhaps they really do need some lessons?
Source: Wired
fever says
too many people who refuse to come into the 21 century as far as IT sec is concerned.