The U.S. Agency for Global Media (USAGM) recently revealed that a phishing attack from December 2020 exposed the personal information of current and former employees and their beneficiaries, including full names and Social Security numbers.

usagm image heimdal security

Image Source: Voice of America

According to the agency, the threat actor gained access to an email inbox with Personally Identifiable Information (PII) of current and former USAGM, Voice of America, and Office of Cuba Broadcasting employees who worked for the agency between 2013-2020.

Formerly known as the Broadcasting Board of Governors, the U.S. Agency for Global Media is an independent agency of the United States government which operates various state-run media outlets, including Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to broadcasts news and information about the United States and the world to audiences abroad.

USAGM ensured they have secured the compromised account once the IT security team detected the phishing attack and began providing phishing education to staff members. They also fast-tracked their rollout of multifactor authentication (MFA) for the agency’s Office 365, SharePoint, and OneDrive accounts.

We take the protection of your personal information seriously and already have taken aggressive steps to prevent similar occurrences. As soon as the USAGM IT Security team detected the unauthorized access, it secured the breached email account and began its assessment of the extent and impact of the data breach. Agency leadership then notified employees of the breach and provided timely information about steps employees could take to protect their identity and credit. USAGM IT also provided employees with tips to identify and prevent future phishing attempts and fast-tracked its rollout of Multifactor Authentication (MFA) to the agency’s Office 365 email, SharePoint, and OneDrive environments.


Although the agency is offering complimentary access to Experian IdentityWorksSM for one year, this measure may have come too late since it’s available for 12 months from the date of the notification letter sent to employees in April 2021, four months after the attack.

Please note that Identity Restoration is available for one year from the date of the notification letter sent to employees in April 2021. The Terms and Conditions for this offer are located at www.ExperianIDWorks.com/restoration. While identity restoration assistance is immediately available, we also encourage employees to activate the fraud detection tools available through Experian IdentityWorks as a complimentary one-year membership.


This major holdup could have provided the threat actor with enough time to perform further phishing attacks or identity theft on those exposed in the security breach.

People who were impacted by the attack and have questions about the breach or identity protection services are advised to send their emails to DataBreach@usagm.gov.

What is Spear Phishing? Definition, Examples, Prevention Strategies

Hackers Use SMS Phishing Scams to Trick Rogers Customers with Outage Refunds

Security Alert: LinkedIn Phishing Campaign Promises Security

Leave a Reply

Your email address will not be published. Required fields are marked *