Sensitive info of 8,000 people compromised in US EPA breach
Posted on 03 August 2012.
5,100 current employees of the US Environmental Protection Agency and around 2,700 "other individuals" have been notified of a breach into the agency's systems that resulted in the compromise of their personal and banking information.

The stolen information comprises Social Security numbers, physical addresses and bank routing numbers.

According to the WBJ among the breached servers are those that contain data from the Superfund program, which was set up for managing the cleanup of abandoned hazardous waste sites.

An EPA employee confirmed that the compromise was the result of an attack that started with the opening of a malicious email attachment on a computer that had access to the servers, but declined to say whether the computer was operated by an agency employee or a contractor.

"EPA conducted a risk analysis, [which] indicates it is unlikely the personal financial information has been used," the agency shared in the statement. "Vigilantly keeping data secure from increasingly sophisticated cyber threats is a top priority at EPA. The agency has already added new safeguards in response to the incident."

But the most worrying thing about this breach is that it happened in March, and the affected individuals have been notified only now. The agency has offered free credit-monitoring services for one year to all of them, but has yet to say why it took so long for the breach notification to be delivered to them.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th