The U.S. Department of Defense (DoD) revealed a data breach against the Defense Information Systems Agency (DISA), which occurred between May and July 2019. According to breach notification, the incident is said to have compromised employees’ personally identifiable information (PII) and social security numbers.. However, the agency didn’t reveal the number of employees impacted in the incident.
DISA is a combat support agency of the Department of Defense (DoD). It handles IT and telecommunications support for President Donald Trump, the White House, the U.S. diplomats, and military troops. The DOD and DISA didn’t provide further details about the incident, however, they clarified that there is no evidence to suggest that employees’ personal data was misused. The agency stated that it is offering free credit monitoring services to the impacted employees.
Security Incidents on Defense Agencies
This is the second data breach the DOD exposed in the last two years. In October 2018, the agency suffered a data breach that compromised the personal and credit card information of the U.S. military and civilian personnel. The attackers allegedly gained unauthorized access to sensitive information through a system that stores travel records. The system was maintained by a third-party contractor. The incident affected around 30,000 military and civilians personal and payment card details.
New Cybersecurity Standards for Defense Sector
Recently, the DoD published a new set of cybersecurity standards, known as the Cybersecurity Maturity Model Certification (CMMC) version 1.0. The new standards will require defense companies to adhere to a set of rules and mandates if they want to do business with the Pentagon procurement programs. According to the DoD, any company that does business with the Pentagon will have to get some level of certification and their defense acquisition workforce will need to be trained on how to apply the model to their contracts.