This recent attack is only the latest in a string of hacks targeting federal employee records. The largest breach, of course, was at the Office of Personnel Management, where the security clearances, background checks and fingerprint records of more than 21 million current, former and prospective federal employees were exposed.
Surgeon General Vivek Murthy wrote an email directly to members of the US Public Health Service Commissioned Corps to warn them that "unauthenticated visitors" to one of their computer sites could have retrieved their private information, including their names, birthdates and Social Security numbers.
"Based on our investigation, affected individuals are those served by this website-based system: current, retired and former Commissioned Corps officers and their dependents," wrote Surgeon General Murthy.
According to the department, the breach was first discovered on September 20th when a user noticed that there was something wrong with the system, which has since been disabled. Supposedly, while the information was clearly accessible, investigators are still trying to determine whether or not any of it was stolen or compromised.
Certainly, their concerns are not without provocation. But really, who would hack the system and not steal or otherwise make any effort to obtain at least some of the information they accessed? And truly, if a hacker got that far into the system, the government should at least be entertaining the possibility that someone out there could steal information without them being able to verify it.
Concerns about the US government's ability to protect itself against hackers and data breaches have been on the rise over the last several years. Just last year, NBC News reported on a summertime data breach and noted that it "almost certainly will not be the last" intrusion. Granted, it wasn't a hard prediction to make. The government's sprawling, outdated networks set them up to be an easy target -- and their opponents are tech-savvy sophisticates who have clearly figured out how to circumvent detection.
Sources: