“It’s been more than a week since the Office of Personnel Management announced that approximately 4 million former and current federal employees may have had personal information plundered as part of a massive data breach discovered in April.
But evidence is mounting that the intrusion may have been much worse and far bigger than initially acknowledged—and that government officials ignored basic cybersecurity protocols for months, allowing the hackers to run off with a cache of data potentially more damaging than originally anticipated.”
Senetas High-Assurance Security Comments
The National Journal has described the breach of 4,000,000 employees’ private details at the US government’s Office of Personnel Management as “one of the most intrusive data breaches on record”. Many are still demanding to know how it happened, why it happened and what the extent of this horrible data breach was. But the employee federation is asking the most important question of all: why was the data not encrypted as part of the US government’s data security plan?
The federation said in part: “…Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous”. Adding: “Were that to take place in the private sector, the company would be facing class-action lawsuits”.
The federation has every right to be furious. Every credible data security strategy guide includes the recommendations that organisations identify and categorise data sensitivities; implement a policy to encrypt the most sensitive data; and define what constitutes best-of-breed encryption technology.
The underlying and obvious rationale for robust encryption of sensitive data is that only encryption ultimately ensures data breaches do no harm!
Read the full article at the National Journal