Tag Archive for: Accountability

Virginia Retirement System hack demands transparency and accountability – Daily Press

/in


Through no fault of their own, thousands of Virginians are learning that their names, social security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans, state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop apparently discovered a flaw in the MOVEit Transfer software and exploited it to gain access to a great deal of confidential personal information before the flaw was discovered and repaired.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…

Source…

Answers and accountability are needed in Suffolk cyber hack

/in


Imagine someone broke into your house, shut down your essential devices, tapped into all your personal records, and then held them hostage until you paid an exorbitant amount of money to stop this criminal act.

When done over the internet, it’s known as ransomware. And increasingly, American municipalities have fallen victim to this outrageous act of cybercrime, including Suffolk County’s official website and those of some Long Island school districts.

But in Suffolk, nine months after its computer systems were broken into, some vexing questions remain: How long will it take to get bottom-line answers to the root causes of this attack? And who is really to blame?

Certainly, there were plenty of warnings. In March 2022, the FBI alerted local governments like Suffolk that they were particularly vulnerable to cyberattacks which could cause huge disruptions to computer operations, endanger health and public safety, and cost millions to fix. Citing examples around the nation, the FBI recommended against paying ransom demands, and urged municipalities to follow several detailed steps to upgrade their software defenses to prevent future attacks. Because the public relies on open municipal websites for vital services, they are “attractive targets for cyber criminals,” said the agency.

DEVASTATING ATTACK

Nevertheless, Suffolk suffered a devastating cyberattack in September, with hackers demanding $2.5 million in ransom that the county refused to pay. The county’s main website and related services were shut down for nearly six months. Both the FBI and the Suffolk district attorney continue to investigate this attack by cyber thieves who are still unknown to the public.

In its wake, Suffolk County Executive Steve Bellone blamed the computer breach primarily on the county clerk’s IT director, Peter Schlussler, and put him on paid leave in December. At a cost of $6 million, Bellone hired experts for restoration and recovery of the county’s computer system. In the meantime, the county legislature tapped Richard Donaghue, a former top U.S. Justice Department official, to help conduct its own review of circumstances surrounding the attack.

Now Suffolk’s cyber saga takes a new…

Source…

Senators want federal government to take accountability for SolarWinds hack

/in


The leadership of the Senate Homeland Security and Governmental Affairs Committee wants the Biden administration to take accountability and provide more information on the SolarWinds hack of computer network management software afflicting the government.

The federal government has said the hack — publicly disclosed last year — compromised nine federal agencies, but the Democratic and Republican leaders of the homeland security committee want more details about whose accounts and systems were compromised.

Sens. Gary Peters, Michigan Democrat, and Rob Portman, Ohio Republican, wrote to the Office of Management and Budget expressing concern that the federal government has not properly taken accountability for the SolarWinds hack. 

“It is important that there be a single point of accountability for leading response efforts to prevent confusion and duplication. We are concerned this level of accountability is currently lacking,” wrote Mr. Peters and Mr. Portman to OMB’s federal chief information security officer Christopher DeRusha.

The duo requested OMB provide a list of roles and responsibilities for cybersecurity across the federal government so the senators can understand who has responsibility for…

Source…

Prey for Education Streamlines Schools’ Mobile Device Management, Automates Security, and Improves Accountability – Yahoo Finance

/in

Prey for Education Streamlines Schools’ Mobile Device Management, Automates Security, and Improves Accountability  Yahoo Finance

Prey Inc., provider of the cross-platform, open source anti-theft software that protects more than eight million mobile devices, today announced Prey for …

“mobile security news” – read more