The department is tasked with supplying information technology and communications support to the U.S. president and other senior government officials. Letters dated on Feb. 11 advised possible victims that there was a “data breach” involving a system run by the agency.
Social Security numbers and other sensitive information are believed to have been breached between May and July of 2019, the letter said. It was unknown where the information was being stored.
DISA is part of the Department of Defense, and it staffs roughly 8,000 military staff and contractors. The agency’s letter indicated that there was no evidence that stolen personal data was misused.
“The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information [PII] may have been compromised in a data breach on a system hosted by the agency,” DISA spokesperson Charles Prichard told reports. “While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.”
He added that “DISA has conducted a thorough investigation of this incident, and taken appropriate measures to secure the network.”
Last week, the Department of Justice charged four members of the Chinese military with hacking into Equifax, the credit rating agency, which saw more than 147 million credit reports stolen. Prosecutors also attributed the same hackers to breaches at health insurance giant Anthem, the Marriott Starwood hotel breach and the U.S. Office of Personnel Management breach in 2015, which is believed to be the largest breach in the U.S. government’s history. The breach saw the theft of 21 million vetting files on federal employees and contractors.
In March, Singapore-based Telco M1 was working to protect mobile phone users from eWallet theft via a warranty program with the help of DISA.