The Green Sheet Online Edition

July 13, 2015  •  Issue 15:07:01

Strong response to massive breach of federal workers' PII

Editor's Note: For additional news stories, please see Breaking Industry News on our home page, www.greensheet.com.

The United States Office of Personnel Management confirmed on June 4, 2015, that a cybersecurity attack may have impacted as many as 4 million current and former government workers. This new data security breach follows the recent intrusion of a consumer-facing web portal hosted by the Internal Revenue Service disclosed May 26 and the breach of an unclassified network at The White House reported in October 2014.

The recent OPM incident occurred during a window of vulnerability before the agency's network was reinforced with new security tools and capabilities, authorities said. Recently installed threat detection tools and capabilities led to the discovery in April 2015 of an intrusion that had been operating undetected for an unknown period.

"OPM has partnered with the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to federal personnel," the OPM stated, reiterating its continuous efforts to protect sensitive data by improving security best practices and information technology (IT) infrastructure monitoring.

In the wake of the data breach, the OPM beefed up network security alerts and restricted access to its networks by remote IT personnel. IT administrators are also reviewing ports and connections and deploying anti-malware across the enterprise to further protect the network.

Another remediation drill

OPM Director Katherine Archuleta said the OPM will honor its responsibility to secure the information stored in its systems and take additional measures to secure its network. "Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM," she said.

The OPM stated its plans to notify the approximately 4 million individuals whose personally identifiable information (PII) may have been compromised. It vowed to continue notifying personnel throughout the investigation should additional PII exposures occur. The OPM will provide 18 months of free credit reporting, credit monitoring, and up to $1 million in identity theft and recovery insurance services to all potentially affected individuals.

The OPM advised all personnel to "monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions." Employees are encouraged to make use of public resources such as AnnualCreditReport.com and the Federal Trade Commission's identity theft website, www.identitytheft.gov. They can also contact TransUnion LLC to request that a fraud alert be placed on their files, which instructs prospective creditors to contact consumers before opening or activating new accounts.

The agency also advised federal personnel and private citizens to be suspicious of unsolicited phone and email communications from unknown individuals claiming to represent legitimate organizations. It also suggested the following resources for further guidance: Protecting Your Privacy, www.us-cert.gov/ncas/tips/ST04-013; the Anti-Phishing Working Group, www.antiphishing.org; Understanding Firewalls, www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, www.us-cert.gov/ncas/tips/ST04-005; Reducing Spam, www.us-cert.gov/ncas/tips/ST04-007; and the FBI's Internet Crime Complaint Center at www.ic3.gov.

Immunize against future attacks

At the June 2015 Exponential Finance conference, Marc Goodman, global security advisor and author of Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, observed similarities between cyber security and public health best practices and recommended that the security community borrow a page from the Center for Disease Control playbook.

"I'd like to see the security community adopt a more epidemiological approach to cyber security, by immunizing the public against widespread computer viruses and cyber attacks," he said, referring to the scientific study of cause and effect of infectious diseases used to create public policy by identifying risks and establishing guidelines for preventive healthcare.

Goodman cited a 1999 study by the CDC that identified automotive safety as the most significant accomplishment of the 20th century, an achievement tied to the publication in 1965 of Ralph Nader's book, Unsafe at Any Speed. About the book, Goodman said, "3.5 thousand people were killed per day worldwide until that book was published, which led to seatbelts, air bags and a range of other improved industry standards."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
