How The US Army Screwed Over Targets Of Biggest Government Hack Ever

Here’s proof that the government blind-bumbles its way through tech problems like some hydra-headed bureaucratic Mr Magoo: The US Army thought a legitimate email of warning from another agency was also from hackers — and ended up leaving people affected by the hack in the dark because of its mistake.

After personal data was stolen from millions of federal employees in an enormous breach of the Office of Personnel Management, the Army sent out an email warning people that hackers were trying to attack them again, this time by using a phishing email to collect even more personal information. Except the "phishing email" in question was actually an official email from an OPM contractor, telling people they were affected by the data breach and offering credit monitoring services to help them avoid fraudulent charges.

As The Intercept's Jana Winters reports, this ended up hurting the OPM hack targets, because the Army's investigation into the "phishing email" meant people got notified late:

Army and Air Force investigations of the "phishing scam" delayed by several days both victim notification and credit monitoring benefits to Defence Department personnel whose private information had fallen prey to OPM hackers. The emails notifying victims and linking to the monitoring only went through after spam filters were reset.

This is almost comical, except real people -- who are already vulnerable because the government can't maintain decent operational security -- are now doubly screwed because the government also can't figure out how to communicate between agencies.

[The Intercept]

Picture: AP