Seven big government data breaches in the U.S.

Cyberattacks and data breaches have soared in recent years, and the U.S. has suffered huge amounts of breaches that has also affected U.K. organisations and citizens too.

They’re a worry because they can identify weaknesses in a country similar to us in terms of technological reliance and development. In this article, we’ll take a quick look at seven of the biggest government data breaches from across the pond in the U.S.

Georgia Secretary of State data breach

The Georgia Secretary of State Brian Kemp’s office reportedly mailed out CDs containing the personal information of around 6.2 million voters and 12 organisations. The breach occurred in October 2015 and included personal information like Social Security Numbers and birth dates.

An employee made a rooky error by attaching the data to a distribution list instead of uploading it to a separate secure file. The action that the office took was to retrieve the CDs and have them destroyed.

U.S. Postal Service data breach

The U.S. Postal Service was forced to temporarily take down its VPN service for employees following a cyber-attack that exposed personal data of some 800,000 employees back in November 2014. The cyber-attacker gained unauthorised access to data for an estimated 2.9 million postal service customers, postal workers and top directors and regulators.

The files involved names, Social Security Numbers, addresses and telephone numbers. They state that immediate action was taken when they were first made aware of the breach, but they reportedly didn’t inform victims right away as this could’ve interfered with the remediation efforts…

Internal Revenue Service data breach

The Internal Revenue Service (IRS) fell victim to unknown cyber-attackers who accessed tax return data of 724,000 individuals who used the IRS’s ‘Get Transcript’ data. They reportedly first got hold off Social Security Numbers, names and some other data before using the data to get themselves the ‘Get Transcript’ data, which allowed them access to thousands of tax filers’ details.

When the IRS heard news of the breach, the organisation took the service offline to work on ‘stronger authentication protocols’.

Harold Martin data breach

This was apparently an ‘insider job’, where a former government contractor, Harold Martin, allegedly stole 50 TB of government data over a period of 20 years. Investigators found that some of the data in the former contractor’s possession involved highly confidential information with national security importance.

Office of Personal Management data breach

The Office of Personal Management (OPM) security breach from June 2015 found “two separate but related intrusions” of a database managing records of employees and contractors working for federal agencies.

In both “intrusions” the personal information accessed included names, Social Security Numbers, dates of birth, health, criminal and financial histories. A combined total of 25.7 million personal records of former and current employees was reportedly accessed.

What was most concerning about this data breach was the fact that the data may be used for years after this incident, security analysts warned.

National Security Agency data hack

The National Security Agency (NSA) was a victim of stolen data which involved state secrets, which the NSA had developed for a number of years for national security purposes.

In the first cyber-attack (August 2016) the cyber-criminals reportedly warned them of the stolen data they held. The second cyber-attack (early November 2016) was a demonstration of their first promise.

Edward Snowden’s data leak

The Edward Snowden data leak back in 2013 is probably the most well-known when the former NSA contractor leaked highly classified documents. This had a political, economic and a social impact as well.

It’s alleged that Mr Snowden abused his position in accessing the classified documents, which highlights the risks of ‘insider jobs’.