GovBytes: How Can Governments Better Protect Our Data?

When an international hacker group broke into law enforcement agencies in 11 states last weekend and made sensitive personal information public, it caused a number of people, both within government and without, pause.

The hacking collective AntiSec — a combination of Anonymous and LulzSec — hacked into Brooks-Jeffrey Marketing (BJM), an online marketing company that hosts websites. Through BJM, AntiSec accessed the websites of more than 70 law enforcement agencies and stole sensitive information. … BJM took the websites offline after an initial attack on July 31 and tried to fix the problem by removing malware that AntiSec had placed on the sites, said Wasim Ahmad, vice president of data security at Cupertino, Calif.-based Voltage Security. The company called the FBI for assistance and after BJM thought the problem was resolved, put the websites back online.

However, the company hadn’t removed all of the malware, which resulted in the second attack on Aug. 6, Ahmad said. The hackers posted 10 GB of stolen data online, which contained confidential e-mails, passwords, Social Security numbers and credit card numbers, which were used to make donations on behalf of the card holders.

Security Experts Not Surprised by Hacking of Websites

The question on many minds this week is: How could this have happened? Don’t government organizations and the vendors they contract with take precautions to ensure personal information doesn’t get out? Isn’t that one of their foremost obligations to the people they serve? And what can be done to prevent hacker groups like this one from carrying out such attacks in the future?

The company’s spokesman suggested that government agencies need to do a better job of oversight by questioning private companies before granting them access to sensitive data. Another recommendation is that state and local governments begin adopting guidelines for their vendors like the ones federal agencies must adhere to. There may even need to be an auditing process in place to make sure the vendors qualify.

Beyond these first steps, how can government agencies be doing a better job of protecting private data?

*****************************************************************************************************************

“GovBytes” is a blog series created by GovLoop in partnership with Government Technology. If you see great a story on Gov Tech and want to ask a question around it, please send it to [email protected].

Leave a Comment

Leave a comment

Leave a Reply