Russian hackers breached the email addresses of approximately 632,000 employees from the U.S. Department of Justice (DOJ) and the Department of Defense (Pentagon). Bloomberg reported on the breach, adding these agencies to the growing list of organizations impacted by a series of data breaches attributed to a Russian-speaking criminal group.
Furthermore, the accessed email addresses were linked to government employee surveys and internal agency tracking codes, according to a report from the Office of Personnel Management (OPM). The attackers gained access through MOVEit, a file transfer program used by the data firm Westat for employee surveys, and the breach affected officials from various Defense Department divisions, including the Air Force, the Army, and the Office of the Secretary of Defense.
The breach, which took place on May 28 and May 29, was classified as a “major incident” by OPM. Despite the severity of the breach, the agency stated that the compromised data was “generally of low sensitivity” and was not classified. Neither the Justice Department nor the Defense Department immediately responded to requests for comment from Forbes. The cyberattack is part of a larger trend of data breaches targeting vulnerabilities in the MOVEit software, impacting numerous government agencies and private companies. The breaches have been attributed to the Russian-speaking ransomware group CLoP, which claimed responsibility for various other hacks involving MOVEit.
Although these incidents are concerning, Jon Easterly, the director of the Cybersecurity and Infrastructure Security Agency, noted in June that they do not pose a “systemic risk to our national security or our nation’s networks.” This breach underscores the ongoing challenges in securing sensitive data and the need for enhanced cybersecurity measures to protect organizations and their valuable information.