Over 600000 Oregon Residents are Impacted by a DHS Phishing Attack
The State Department of Human Services (DHS) employees were in for a shock after confirmatory reports on a successful phishing campaign against them came to light. The attack is likely to have compromised personal information of more than 600000 Oregon residents.
Fremont, CA: The DHS (Department of Human Services) is issuing breach notices to about 645,000 Oregon residents intimating them of possibility of their PII being hacked following a January 2019 phishing attack. Phishing, despite being one of the oldest ways of hacking, is still considered highly efficient.
What made the DHS extremely vulnerable to such a high-level breach is a phishing email that was opened by nine of their employees unknowingly on 8th January, 2019. Surveys on phishing attacks highlight that most of them are carried out by attempting to establish a rapport with the victims. These nine employees encountered difficulties while trying to access their emails from the very next day. This led to widespread speculation, and an inquiry was followed which confirmed the phishing attack.
Information from more than two million emails is now susceptible to hackers though until this day, it is not clear whether the hackers could copy any of the user data from DHS. Impacted users would be allowed to enroll in a complimentary year-long program that offers theft monitoring along with recovery services.
The accounts were repaired in about a month from the day of attack. Along with some administrative information, the hackers could gain access to critical information including emails, contact address, full names, social security numbers etc, besides many others.
There was a recent attack of similar nature on the Minnesota Human Service Department. The increasing number of cyber attacks highlights critical flaws in ensuring security in many government organizations. Furthermore, industry observers are raising concerns over the rather informal practice by DHS of transferring critical documents through email, which is not a secure method of transferring data.
The need of the hour is employing a workforce that is well-prepared to identify and detect phishing attacks.
Currently, several organizations lack a clear-cut strategy to identify phishing emails from a rather harmless one. There is total reliance on an employee’s common sense when it comes to detecting a phishing mail.
By Tom Farrah, CIO & SVP, Dr Pepper Snapple Group
By George Evans, CIO, Singing River Health System
By John Kamin, EVP and CIO, Old National Bancorp
By Phil Jordan, CIO, Telefonica
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
By Dennis Hodges, CIO, Inteva Products
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
By Sven Gerjets, SVP-IT, DIRECTV
By Marie Blake, EVP & CCO, BankUnited
By Lowell Gilvin, Chief Process Officer, Jabil
By Walter Carvalho, VP & Corporate CIO, Carnival Corporation
By Mary Alice Annecharico, SVP & CIO, Henry Ford Health System
By Bernd Schlotter, President of Services, Unify
By Bob Fecteau, CIO, SAIC
By Jason Alan Snyder, CTO, Momentum Worldwide
By Jim Whitehurst, CEO, Red Hat
By Marc Jones, Distinguished Engineer, IBM Cloud Infrastructure