The United States Agency for Global Media (USAGM) disclosed a data breach that exposed the personal data of current and former employees.
- USAGM disclosed a data breach after falling for a phishing attack in December 2020.
- Exposed data includes full names and social security numbers of employees and possibly their beneficiaries and dependents.
The United States Agency for Global Media (USAGM) disclosed a data breach that exposed the personal data of current and former employees.
According to the data breach notification shared with BleepingComputer by the former Voice of America correspondent at the White House, Dan Robinson, USAGM Berlin suffered a data breach after falling for a phishing attack in December 2020.
This phishing attack allowed a threat actor to access an agency email account that contains personal data of current and former USAGM, Voice of America, and Office of Cuba Broadcasting employees who worked at the agency between 2013 and 2020.
Exposed information includes full names and Social Security numbers of employees and possibly their beneficiaries and dependents.
USAGM claims that they secured the affected account once they learned of the breach and began providing phishing education to staff members. They also accelerated the implementation of multi-factor authentication (MFA) for the agency’s Office 365, SharePoint and OneDrive accounts.
While USAGM offers a free one-year subscription to Experian IdentityWorks, this may have come too late.
Robinson reported that he learned that the letters were sent to current employees on April 13th, 2021, four months after the bad actor accessed the data.
This long delay might have given threat actors time to conduct further phishing attacks or identity theft on those exposed in the data breach.
Affected individuals should be on the lookout for potential phishing scams that use the stolen data and advise their family members to be watchful as well.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?