A computer hacker penetrated the personal information of about 26,000 D.C.-area Department of Agriculture employees and contractors because the department told its security agency to shut down its anti-hacker system, sources said.
It’s not clear how much damage has been wrought by the June 5 breach. AT&T — the company contracted to protect the department’s computer system from hackers — had no comment. But sources said it was given permission to shut the security system down.
With the department’s security system disabled, the hacker could enter the department’s computer system. It’s not clear why the system needed to be shut down, nor is it clear how long the system was not operating.
Agriculture Department officials said last week that hackers attack its computer system up to 2,000 times per day. The department also announced none of the personal data were downloaded or transferred to another site.
But that doesn’t mean that authorities can rest easy.
Chris Painter is a supervisor in the Department of Justice’s cybercrimes division. While refusing to discuss the Agriculture hack, Painter said that hackers aren’t always looking to steal identification.
“There’s a whole range of activities that any hacker can do,” Painter said.
Hackers often install pop-up advertisements on hacked computer systems, for instance. And increasingly, they’re trying to take over systems so they can send out spam or attack other Web sites, Painter said.
Department of Agriculture spokesman Ed Loyd refused to comment on his department’s ongoing investigation.
But he denied the fact that the agency was reluctant to hand the case over to prosecutors to save the department from further embarrassment.
“That’s not the case at all,” Loyd said.
The breach was at least the third time in a month that private information kept by the government was compromised. In May, a laptop with data on nearly 27 million veterans was stolen from the Veterans’ Administration.
Shortly after that, financial services company ING announced that a laptop containing information on 13,000 D.C. employees had been stolen.
