Hackers have compromised the Department of Defense (DoD) agency in charge of securing and managing communications for the White House, leaking personally identifiable information (PII) of employees and leading to concerns over the safety of the communications of top-level U.S. officials in the run-up to the 2020 presidential election.
Reuters first reported the data breach at the Defense Information Systems Agency (DISA), part of the DoD, on Friday, citing letters seen by the news outlet that were sent to people allegedly affected by the breach.
DISA, headquartered at Fort Meade in Maryland, provides direct telecommunications and IT support for President Trump, Vice President Mike Pence and their staff, as well as the U.S. Secret Service, the chairman of the Joint Chiefs of Staff and other senior members of the armed forces, according to the agency’s website.
Last week Andy Piazza, chief evangelist with phia LLC—a security firm specializing in cyber defense and cyber intelligence operating in the Washington area—posted on Twitter a photo of one of the letters, which was dated Feb. 11.
“During the May to July 2019 time frame, some of your personal information, including your social security number, may have been compromised in a data breach on a system hosted by the Defense Information Systems Agency,” states the letter, signed by Roger Greenwell, DISA CIO and risk management executive.
Piazza’s comment accompanying the letter suggests this is not the first time DISA has experienced a breach, pointing to a persistent problem in security at the agency that handles some of the most sensitive information in the world.
DISA employs about 8,000 military and civilians, but also works with private companies that have certifications to work as federal contractors.
The agency also was part of the task force that helped reform the government security clearance process following digital break-ins at the U.S. Office of Personnel Management in 2014 and 2015, according to Reuters. That breach resulted in the compromise of records belonging to more than 21 million current and former government employees.
At this time it’s unclear how many people may have been affected by the DISA breach, although a separate report said it could be as many as 200,000.
DISA does not believe that any data from the breach has been misused, Greenwell wrote. However, it is still taking steps to mitigate further breaches, according to the letter.
“We take this potential data compromise very seriously,” Greenwell wrote. “As a result we have put additional security measures in place to prevent future incidents and we are adopting new protocols to increase protection of all PII.”
Still, the breach is troubling on a number of levels. While DISA has not disclosed specifics on the leak in terms of the type of compromise and system affected, one expert suggested the threat actors were probably working on behalf of a nation-state–given the target–and is probably planning more attacks.
“No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees with admin access to highly sensitive networks,” Rosa Smothers, senior vice president of cyber operations, KnowBe4, said in an email to Threatpost. “It’s a painful irony that the agency charged with providing secure comms for the White House has fallen victim to a data breach.”
The hack also could have grave implications for the upcoming presidential election, especially with the memory of Russian interference in 2016 still fresh in many minds. There already has been evidence that an Iran-based state-sponsored group tried to hack email accounts belonging to President Trump’s 2020 re-election campaign, which is just one of the numerous threats that currently exist that could undermine the integrity of the vote come November.