Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The US Department of Transportation (USDOT) recently revealed threat actors breached its system in a cyberattack. The data breach compromised the personal information of roughly 237,000 current and former agency employees.
While it remains unclear when the attack happened or who are the threat actors, USDOT made the announcement just a few days before the Government Accountability Office (GAO) issued a report on cybersecurity. The report stated that USDOT should improve the implementation of its cybersecurity policies.
GAO acknowledges that USDOT has made some progress, including the creation of cybersecurity roles and responsibilities for officials within its agencies, but there is still room for improvement. For instance, Nextgov.com notes, while USDOT has reviewed its agencies’ cybersecurity programs, the reviews were not used to actually address the sixty-three cybersecurity recommendations issued by GAO.
The Data Breach Impact on USDOT
According to the researchers, the attack hit systems for processing TRANServe transit benefits. For now, the incident affected the process that returns commuting costs to government employees.
According to USDOT, the ongoing investigation of the attack limited the breach to some of the systems that were used for administrative tasks. They gave employee transit benefits processing as an example. As a security measure, while the investigation is still ongoing, the specialists momentarily froze access to the transit benefit system.
USDOT also stated that apparently, the data breach had no impact on the transportation safety systems. However, the breach affected 114,000 current and 123,000 former USDOT employees.
The maximum benefit allowance is $280 per month for federal employee mass transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.
Mitigation and Prevention Measures Against Data Breaches
Governmental organizations are one of the hackers` favorite targets, and similar attacks did happen in the past.
Data breaches that affect personal information can result in identity theft, phishing attempts, account fraud, and more. So, in order to avoid data breaching, cyber security specialists recommend the following best practices:
- Make sure to patch in a timely manner all known vulnerabilities
- Use strong passwords and enforce multi-factor authentication (MFA)
- Inform and educate employees regarding the risks of improper use of credentials and about how they can spot a phishing or smishing attempt
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Heimdal® DNS Security Solution
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
