The U.S. Agency for Global Media (USAGM) has reported a data breach in which the personal information of current and former employees and their beneficiaries has been exposed.
USAGM, a government agency whose mission is to inform and connect people around the world and to promote freedom and democracy. USAGM has such popular broadcast networks as Voice of America, Radio Free Europe, Radio Free Asia, Office of Cuba Broadcasting, and Middle East Broadcasting Networks, through which the agency delivers news and information to people worldwide.
A former Voice of America White House correspondent Dan Robinson shared the agency’s data breach notification with BleepingComputer in which USAGM discloses a data breach that was caused by a phishing attack that took place in December 2020.
A threat actor managed to phish out credentials for one of the agency’s email accounts and thus got access to the personal information of current and former USAGM, Office of Cuba Broadcasting, and Voice of America employees who used to work at USAGM between 2013 and 2020 and possibly their beneficiaries and dependents.
The information that was accessed by an unauthorized party included full names and Social Security numbers of employees and possibly their beneficiaries and dependents.
USAGMhas secured the compromised account immediately after they’ve learned about the breach. The company also began educating its staff members about phishing attacks. The agency has also increased the rollout of multifactor authentication (MFA) for its Office 365, OneDrive, and SharePoint accounts. USAGM has also started offering a free one-year subscription to Experian IdentityWorks.
Robinson told BleepingComputer that the agency sent the announcement about the data breach to current employees on April 13th, 2021, that is four months after the breach took place.
This long delay could have allowed the threat actor to conduct follow-up phishing attacks or perform identity theft using the data exposed in the breach.
Former and current employees of USAGM should be extra vigilant and watch out for phishing scams.