EPA Breach Impacts 8,000 People


The U.S. Environmental Protection Agency has confirmed an IT security breach through which Social Security numbers, bank routing numbers and other personal data involving nearly 8,000 people were exposed.

According to the agency, all of the impacted individuals have been notified about the database breach, which occurred in March of this year. Most are current agency employees who were involved in various environmental cleanup projects through the Superfund program.

"Vigilantly keeping data secure from increasingly sophisticated cyber threats is a top priority at EPA," a spokesperson for the agency said in a prepared statement. "The agency has already added new safeguards in response to the incident." Specifics of the safeguards were not disclosed.

[Related: The Biggest Data Breaches of 2012 (So Far)]

According to a report from the Washington Business Journal, the breach occurred through an email that contained a malicious attachment. The report goes on to quote federal officials who believe that it is unlikely that any of the information was shared with anyone.

Further details were unavailable. An investigation by the EPA is underway.

But, the delay in the disclosure is alarming to Tony Busseri, CEO of Route1, Inc., a Toronto-based security and identity management company whose customers include the Canadian government, the U.S. Department of Defense, the Department of Homeland Security and various other federal agencies.

"Doesn't the government have a responsibility to disclose when such breaches occur?" asked Busseri. "This happened in March, so the time it took to disclose this is just far too long."

"The second aspect of this is that we keep ignoring good practices that will protect our data," Busseri continued. "There's a Homeland Security presidential directive that provides a standard way of authentication for accessing sensitive data by government employees. Based on the latest numbers we've seen, only about 10 percent of the civilian employees of the U.S. government are compliant with the standards. This basically tells us that there is a very poor authentication and identity match around government employees accessing our information. They are making it very easy for the hacker community to take advantage of bad policies and protocols."

NEXT: Strengthening Security