This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » March EPA Data Breach Impacts 8,000 People
Cyber Security News
Security News -- Data Breach

March EPA Data Breach Impacts 8,000 People

Generic Image for Cyber Security
August 6, 2012
KEYWORDS cyber security / data breach / data security / Environmental Protection Agency / Government Security / Security News
Reprints
No Comments

The U.S. Environmental Protection Agency (EPA) has confirmed an IT security breach through which Social Security numbers, bank routing numbers and other personal data involving nearly 8,000 people, mostly current agency employees, were exposed, according to an article from CRN.

The breach, which occurred in March of this year, is under investigation by the EPA, and, according to a report from the Washington Business Journal, occurred through an email that contained a malicious attachment. The report goes on to quote federal officials who believe it is unlikely that any of the information was shared with anyone, the CRN article states.

However, it is the delay in disclosure that is alarming to Tony Busseri, CEO of Route1, Inc., a Toronto-based security and identity management company with customers including the Canadian government, the U.S. Department of Defense, the Department of Homeland Security and various other federal agencies.

According to the CRN article: "Doesn't the government have a responsibility to disclose when such breaches occur?" asked Busseri. "This happened in March, so the time it took to disclose this is just far too long."

"The second aspect of this is that we keep ignoring good practices that will protect our data," Busseri continued. "There's a Homeland Security presidential directive that provides a standard way of authentication for accessing sensitive data by government employees. Based on the latest numbers we've seen, only about 10 percent of the civilian employees of the U.S. government are compliant with the standards. This basically tells us that there is a very poor authentication and identity match around government employees accessing our information. They are making it very easy for the hacker community to take advantage of bad policies and protocols."

Busseri is calling for acknowledgment that using a basic username and password is insufficient authentication, and the system should be replaced by multifactor authentication.

"We need to follow the policies, stop approving exceptions to those policies, train employees so they understand the need for the restrictions and the importance of security. The government should also stay in touch with the private sector around next-generation tools that will continue to help us hinder the black hat hacker community."

Busseri also recommended that channel partners show stories of such breaches to their customers to help drive home the need for effective security. "A lot of people think that security needs to mean greater cost," he said. "But, that's not true. It merely supports the business models of the large security vendors who have actually been pretty lazy about evolving their technologies to meet the current threats. But, good security can actually save them money."

Subscribe to Security Magazine

Related Articles

Social Media Exposure Can Exacerbate the Negative Impact of a Data Breach

European Hotel Group Suffers Data Breach Impacting 600,000 Hotels Worldwide

More Than 100,000 Students Impacted by Washoe County School District, NV Data Breach

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

SEC1219-Cover-Feat-slide1_900px

Contracted vs. In-House Guarding: No Universal Right Answer

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing