enterprisesecuritymag

Over 600000 Oregon Residents are Impacted by a DHS Phishing Attack

By Enterprise Security Magazine | Thursday, July 04, 2019

Phishing AttackThe State Department of Human Services (DHS) employees were in for a shock after confirmatory reports on a successful phishing campaign against them came to light. The attack is likely to have compromised personal information of more than 600000 Oregon residents.

Fremont, CA: The DHS (Department of Human Services) is issuing breach notices to about 645,000 Oregon residents intimating them of possibility of their PII being hacked following a January 2019 phishing attack. Phishing, despite being one of the oldest ways of hacking, is still considered highly efficient.

What made the DHS extremely vulnerable to such a high-level breach is a phishing email that was opened by nine of their employees unknowingly on 8th January, 2019. Surveys on phishing attacks highlight that most of them are carried out by attempting to establish a rapport with the victims. These nine employees encountered difficulties while trying to access their emails from the very next day. This led to widespread speculation, and an inquiry was followed which confirmed the phishing attack.

Information from more than two million emails is now susceptible to hackers though until this day, it is not clear whether the hackers could copy any of the user data from DHS.  Impacted users would be allowed to enroll in a complimentary year-long program that offers theft monitoring along with recovery services.

The accounts were repaired in about a month from the day of attack. Along with some administrative information, the hackers could gain access to critical information including emails, contact address, full names, social security numbers etc, besides many others.

There was a recent attack of similar nature on the Minnesota Human Service Department.  The increasing number of cyber attacks highlights critical flaws in ensuring security in many government organizations. Furthermore, industry observers are raising concerns over the rather informal practice by DHS of transferring critical documents through email, which is not a secure method of transferring data.

The need of the hour is employing a workforce that is well-prepared to identify and detect phishing attacks.

Currently, several organizations lack a clear-cut strategy to identify phishing emails from a rather harmless one. There is total reliance on an employee’s common sense when it comes to detecting a phishing mail. 

Weekly Brief