The Homeland Security Department issued an alert in May detailing a series of attacks against government and industry. The U.S. Computer Emergency Readiness Team released an analysis report detailing nine incidents between July 2014 and May 2015 in which hackers stole what they call “bulk personally identifiable information (PII)” from public and private-sector organizations.
“The cyber threat actors involved in each of these incidents demonstrated a well- planned attack and high level of sophistication,” US-CERT wrote in the report, which Federal News Radio obtained.
While US-CERT doesn’t go into detail about whom the incidents impacted, two of the first three incidents reported involved government personnel data. In one of the incidents to which US-CERT responded, “PII data belonging to hundreds of thousands of government personnel was compromised.”
As DHS saw this trend of attackers trying to steal bulk PII, Secretary Jeh Johnson issued the first-ever Binding Operational Directive (BOD) to the civilian agencies.
It is only going to get worse before things get better.