data breach

security-breach

While all data breaches are bad, this one might be extra bad.  Department of Defense officials have revealed that a travel record data breach with an unnamed contractor has exposed the personal information of military as well as civilian staff members.  This includes credit card information.  A source has revealed that this didn’t necessarily compromise classified material, but it is affecting as many as 30,000 workers.  Of course, there is a chance that this number might get larger.  It’s interesting to me that the Pentagon is still having difficulty with security, despite efforts to harden its sites and improve its networks.

To some, credit card data might not be a big deal.  You can cancel a credit card, and make arrangements to ensure that you’re protected, but the general idea of a data breach leads me to believe that there are bigger issues.  How can anyone be sure that they are safe?  Especially when the people affected by the data breach, are the ones tasked with protecting the country?

In addition, it’s uncertain when the intrusion took place.  Department staff warned leaders on October the 4th after discovering the breach, but it could have taken place before that and gone completely unnoticed for any amount of time.  Individuals who are affected will be contacted in the coming days, and they will help out with fraud protection services.  But like I say whenever there is any data breach – is that enough?  Yes, an apology is great, but when it comes down to it, an apology doesn’t reverse what has happened in the past.  Can it change your perception of the organization who is responsible?  Maybe.  But if we look at the Equifax situation, the answer to that might be no.

The timing of this, though, is not great.  The Government Accountability Office recently issued a report saying that the Defense Department had made progress on securing its networks.  But they did say that they were falling short in protecting weapon systems.

What does this mean for Defense staff?  Well, the same thing it means for the rest of America when there is a data breach.  In this instance, attackers made off with both credit card numbers as well as personal information.  The attackers themselves can use this information to harm the individuals, or they can sell the information to a third party, who then uses the information to harm the individuals that the information was stolen from.  Either way, the attackers “win” and the rest of us lose.

The more data breaches that I see, the more I wonder if there’s anything that these organizations can do to prevent them at all, or at least lessen the severity.  Because these are so prevalent, I think the answer to that is no.  Attackers will always be trying to make their way into someone’s system.  That’s why organizations like Apple and Facebook have what they call a “bug bounty”.  They will pay people to find vulnerabilities in their software in order to prevent attacks from happening in the future.  Software, however, gets updated, and the end result isn’t always that clean or smooth.  I think we just need to be due diligent when it comes to giving out our personal information.