Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/22/2014
05:05 PM
50%
50%

DHS Warns Contractors About Breach Of Its Web Portal

More than 100 organizations got some bad news from DHS recently when it was revealed that hundreds of documents had been accessed without authorization

The U.S. Department of Homeland Security has sent warning letters to roughly 114 organizations whose data was exposed when hundreds of documents were accessed without authorization.

The move came after the department's Science and Technology Directorate was notified of the breach by a company that manages its external Small Business Innovation Research (SBIR)/Long Range Broad Agency (LRBAA) Web portal. Some 520 documents -- including whitepapers, decision notification letters, and documents regarding contract awards -- were accessed in the incident.

Sixteen of the organizations had bank information in the documents. All of the affected organizations were notified by the Science and Technology Directorate (S&T). According to a copy of the letter posted by security blogger Brian Krebs, the breach is believed to have occurred in the past four months.

"Notably, the letter does not assert that any security protocols, such as password protection or encryption, were circumvented to access the information," says Aaron Titus, chief privacy officer and general counsel at Identity Finder. "It's not even clear that the access was malicious."

"In my experience, breaches like this are often the result of a failure of basic sensitive data management practices," he says. "It's entirely possible that this information was accidentally left on a public server for four months without password or encryption protection."

None of the documents were classified, according to DHS. The agency did not offer any information about how exactly the data was accessed, stating only that the documents were downloaded from the portal by people outside of DHS. The incident remains under investigation.

"Since discovery of this incident, Science and Technology Directorate (S&T) has worked with the operator of this external Web portal to identify and resolve the security vulnerability, and all appropriate measures have been taken," a DHS S&T spokesperson tells Dark Reading. "All of the affected documents have been thoroughly reviewed to determine if there was a loss of sensitive personally identifiable information, proprietary or business-sensitive information, security information, export control sensitive information, and all potentially affected parties were notified before any nefarious activity could take place.

"S&T takes its responsibility to safeguard personal information seriously and is working with appropriate law enforcement partners on the ongoing investigation to determine the cause of the incident and the identities of the perpetrators,. It is important to note that none of S&T's internal systems were accessed or compromised."

Last year, DHS warned employees and former employees that their data may have been compromised after a vulnerability was discovered in software used by a DHS vendor to process personnel security investigations. The software was used to gather and store sensitive personally identifiable information (PII) for background organizations.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Marcus Jackson
50%
50%
Marcus Jackson,
User Rank: Apprentice
6/8/2014 | 3:07:16 AM
Surveillance State
I am an avid Infoormation Week reader and I think this article highlights the systemic problems in our government. Homeland Security is an oxymoron for these people. We are are supposed to trust them to keep our Homeland safe and they can't even keep their own data safe. Or is it really more sisnster that that, do they engineer these "breaches" to overwhelm the average US citizen into believing the wolf is at the door to justify the surveillance state that Edward Snowden is trying to warn us about. Here

http://s1375.photobucket.com/user/mj04317/library/DHS

are some more of the documents that came can be attributed to this "breach". It looks like this LRBAA program is nothing more that a black operation/slush fund (probably a joint operation between DHS and CIA) to develop tracking tools to monitor what people access on the internet and build profiles on them. The emails even talk about collaborating with the Russians. No doubt an effort by the Shdow Government to gain more power. People need to wake up and become aware before the day comes that they wake up as slaves. Eternal vigilance is the price of liberty.
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20331
PUBLISHED: 2021-05-13
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "i...
CVE-2021-31215
PUBLISHED: 2021-05-13
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
CVE-2020-36197
PUBLISHED: 2021-05-13
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This ...
CVE-2020-36198
PUBLISHED: 2021-05-13
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP...
CVE-2021-28799
PUBLISHED: 2021-05-13
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3...