Could a recent investigation prove the OPM data breach was not state-sponsored after all, or is it just a move by the Chinese government to proclaim their innocence?
In other news, U.S. lawmakers are questioning the safety of VTech users’ data, as children and parents who use its gadgets and toys were recently given a rude awakening. But with the help of a cybersecurity firm, could an investigation into the breach help VTech verify it did its best to safeguard the information?
Check out the latest updates on some of the biggest cybersecurity headlines of the week:
IS A CRIMINAL GANG TO BLAME FOR THE OPM HACK?
China’s Xinhua News Agency revealed earlier this week that an unidentified investigation confirmed the massive cyberattacks that took place on the U.S. Office of Personnel Management (OPM) were actually carried out by criminals and not the Chinese government itself.
Since the data breaches —which exposed nearly 22 million digital records of both former and current federal employees and contractors, as well as 19.7 million forms with data and more than 5 million fingerprints — took place, the Chinese government has resided under a cloud of suspicion. Chinese officials have always maintained the country’s innocence, but the announcement of an investigation that clears the country of any blame has evoked mixed emotions.
“Any assertion by Chinese media that the OPM cyberattack was the work of criminals, not government agents, is in all likelihood bunk,” Brian Finch, a partner at technology law firm Pillsbury Winthrop Shaw Pittman, told The Wall Street Journal on Thursday (Dec. 3). “Those criminal groups typically operate with the knowledge and consent of Chinese officials.”
While the Xinhua piece may offer some acknowledgment from China officials that the OPM data breach did originate in China by referring to “Chinese hackers,” The WSJ points out this could also just be a summary of past allegations. Despite what many U.S. officials have said both publicly and privately about the OPM cyberattacks being state-sponsored, the investigation reported by China’s media service could be yet another attempt by the country to clear its name.
DIGITAL TOYMAKER VTECH GOES ON THE OFFENSIVE
The most recent reports surrounding the hacking attack that rocked Hong-Kong based toymaker VTech confirmed the sensitive data of nearly 6.4 million children was exposed. Now the company is retaining FireEye’s Mandiant forensics unit to assist in an investigation of the attack.
As Reuters reported on Thursday (Dec. 3), VTech is cooperating with law enforcement agencies worldwide, while Mandiant will begin taking an in-depth look into how the company handles and secures customer information. Mandiant will also provide guidance on how VTech can strengthen the security used to protect user data.
The exposed data is primarily from VTech’s Kid Connect service, which allows children to use their VTech tablets to chat with their parents via a smartphone app. The well-known online repository for data breaches, Have I Been Pwned, lists the VTech attack as the fourth largest consumer data breach on record.
The digital gadget and toy manufacturer has been under intense scrutiny since it disclosed the data breach late last week. Attorney generals of two U.S. states have declared they will conduct their own probes into the source of the hacking and Britain’s Information Commission’s Office (ICO), a data privacy regulator, has also confirmed plans to investigate the breach.