There are no organizations that are exempt from potential cyberattacks. Hackers especially like to target companies that host sensitive information. Therefore, it shouldn’t come as a surprise that government agencies like the IRS have had to deal with data loss. The question is, how are these companies going to prevent similar attacks in the future? In this article we’ll explore the biggest data breaches involving government agencies in recent years.
U.K. Ministry of Defense is Missing a Hard Drive
In 2008, the U.K. Ministry of Defense realized that a hard drive was missing during a routine audit. The drive was said to be missing from a Hampshire location. It is unclear whether the hard drive was stolen or whether it was lost.
The spokesperson admitted that the hard drive was unlikely to have been encrypted. That means whoever gets access to the drive will have the information of about 1.7 million people who expressed an interested in joining the armed forces in the U.K.
The information on the hard drive is likely to contain names and contact details, but information collected for serious applicants may also include bank account information and more extensive personal data.
The sad part about this incident is that it wasn’t the first. According to BBC News, the Ministry of Defense has reported that over 658 of its laptops had been stolen over the course of four years in addition to 26 portable memory sticks. It’s mind-boggling to think what could be done with this information if it gets into the wrong hands.
Texas Posted 3.5 Million Records on a Public Server
The bad news is that government breaches can be found in every country. The state of Texas doesn’t seem to be any better at handling secure information than the U.K. Ministry of Defense. For reasons not explained, the Texas comptroller office posted sensitive records of over 3.5 million people on a public site that was not encrypted.
Names, addresses, and Social Security numbers of education employees and retirees, unemployment beneficiaries, and state employees and retirees were posted on a public server in January, April, and May of 2010. The breach wasn’t discovered until March 31 of the following year. In consequence, an unspecified number of people were fired.
Unlike most public companies responsible for a security breach, the state of Texas is not offering credit monitoring to the people affected by the breach. And while a phone hotline was established to answer people’s question, there wasn’t even enough staff available to handle the influx of calls.
On the bright side, investigations haven’t found conclusive proof that the information was accessed or misused. However, that probably won’t make the people affected by this breach worry any less.
Criminals Steal IRS Data on 100,000 People
If cyber-criminals wanted to do serious damage, they didn’t have to look further than the IRS website. Criminals attempted to download tax transcripts for 200,000 individuals between February and May of 2015, getting away with half of those records. The crooks then used about 15,000 of these people to obtain tax refunds in their names.
Unfortunately, the potential damage is much worse. After all, now that the criminals have access to over 100,000 identities and Social Security numbers, with which they can open up bank accounts and lines of credit.
In order to be able to download the transcripts from the IRS website, the criminals already had to have access to names and Social Security numbers of their intended victims. They were also able to answer security questions correctly, which are questions that are often difficult to answer even by the legitimate taxpayer.
And while the security breach wasn’t solely the fault of the IRS, the agency has taken it upon itself to disable the transcript service until it can be made more secure. The IRS is also notifying the people potentially affected by the breach and providing them with credit monitoring and protection.
Cyber-Criminals are Hard to Stop
When it comes to cybersecurity, it’s easy to see that criminals are ramping up. Instead of limiting themselves to stealing the identity of individual customers, they aim to infiltrate the databases of government agencies. The IRS breach showed that these criminals had already collected enough information to gain further access.
Of course, government agencies can be the cause of the problem in the first place as we’ve discovered with the cases of the U.K. Ministry of Defense and the Texas comptroller breaches. It’s imperative for government agencies to jump on the bandwagon and instill security measures to protect the sensitive information they collect on a daily basis.
Cybersecurity Requires Constant Vigilance
At eFileCabinet, we know that cybersecurity requires constant efforts to evaluate and improve existing security measures. As you can see, even government agencies can be infiltrated by hackers. Unfortunately, the cases discussed above are just a small sampling of such breaches. In recent years, the Australian Immigration Department, Medicaid, Florida courts, Washington State court system, U.S. Law Enforcement, and the Virginia Department of Health had their data compromised. And that’s still just the tip of the iceberg.
eFileCabinet and Security
At eFileCabinet, we take your security seriously. In addition to encrypting your personal account information, we encrypt every document you store or transfer. We figure that if your files are important enough to store with us, then they’re important enough to be encrypted.