11 times the US government was hacked in 2023

6. No big deal?

The OMB made the most of one incident that involved a bad actor gaining access to just one employee’s login information for 15 hours — presumably because that person worked for the Office of the Inspector General (OIG), which has full access to all of them. records and materials available to the Ministry of Finance, which decides which of them should be researched or investigated, and writes reports. Due to OIG’s deep defense, the state-sponsored actor behind the attack was unable to access any information resources or launch any malware during the access. The Ministry of Finance reviewed its policies for multi-factor authentication, verified software configurations, and provided staff with awareness training to prevent recurrence.

7. Zero day survey

The US Office of Personnel Management (OPM) reported a major incident involving a zero-day vulnerability in a file transfer application – possibly a MOVEit hack, although it was not specifically called – used by a contractor that supports the Federal Employee Viewpoint Survey (FEVS). The breach compromised government email addresses, unique survey links, and OPM tracking codes for about 632,000 employees at the Department of Justice and Defense. In response, OPM stopped transferring FEVS data to contractors, closed survey links, assessed the damage, and notified affected individuals. The audit found no evidence of unauthorized access or manipulation of research results.

8. CFPB strengthens loss prevention

An employee of the Consumer Financial Protection Bureau – no longer with this company, naturally – sent to his email account 14 emails containing personal information and two spreadsheets detailing about 256,000 customers of one financial institution. Former employee ignores CFPB demands to delete emails and submit proof of deletion. Official testing showed that the data could not be used for account access or identity theft, but other affected people were notified in case it happened. In addition, the CFPB strengthened technical controls to prevent unintended breaches, reminded all employees and contractors of privacy policies, and reviewed all of its information management procedures.