March EPA Data Breach Impacts 8,000 People

August 6, 2012

The U.S. Environmental Protection Agency (EPA) has confirmed an IT security breach through which Social Security numbers, bank routing numbers and other personal data involving nearly 8,000 people, mostly current agency employees, were exposed, according to an article from CRN.

The breach, which occurred in March of this year, is under investigation by the EPA, and, according to a report from the Washington Business Journal, occurred through an email that contained a malicious attachment. The report goes on to quote federal officials who believe it is unlikely that any of the information was shared with anyone, the CRN article states.

However, it is the delay in disclosure that is alarming to Tony Busseri, CEO of Route1, Inc., a Toronto-based security and identity management company with customers including the Canadian government, the U.S. Department of Defense, the Department of Homeland Security and various other federal agencies.

According to the CRN article: "Doesn't the government have a responsibility to disclose when such breaches occur?" asked Busseri. "This happened in March, so the time it took to disclose this is just far too long."

"The second aspect of this is that we keep ignoring good practices that will protect our data," Busseri continued. "There's a Homeland Security presidential directive that provides a standard way of authentication for accessing sensitive data by government employees. Based on the latest numbers we've seen, only about 10 percent of the civilian employees of the U.S. government are compliant with the standards. This basically tells us that there is a very poor authentication and identity match around government employees accessing our information. They are making it very easy for the hacker community to take advantage of bad policies and protocols."

Busseri is calling for acknowledgment that using a basic username and password is insufficient authentication, and the system should be replaced by multifactor authentication.

"We need to follow the policies, stop approving exceptions to those policies, train employees so they understand the need for the restrictions and the importance of security. The government should also stay in touch with the private sector around next-generation tools that will continue to help us hinder the black hat hacker community."

Busseri also recommended that channel partners show stories of such breaches to their customers to help drive home the need for effective security. "A lot of people think that security needs to mean greater cost," he said. "But, that's not true. It merely supports the business models of the large security vendors who have actually been pretty lazy about evolving their technologies to meet the current threats. But, good security can actually save them money."

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

March EPA Data Breach Impacts 8,000 People

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

March EPA Data Breach Impacts 8,000 People

Related Articles

Related Events

The latest news and information

Content written for business-minded executives who manage enterprise risk and security