White-hat hackers pierced Interior’s cloud, swiped ‘personal’ data

By Michael Doyle | 02/26/2024 01:31 PM EST

The Office of Inspector General said its tests exposed shortcomings in the Interior Department’s systems to protect employee information.

A new Office of Inspector General report pinpointed shortcomings in cybersecurity at the Interior Department. (Photo: Francis Chung/E&E News)

Cybersecurity shortcomings at the Interior Department put employees’ sensitive personal information at risk of unauthorized access, the department’s watchdog agency warned in a report made public Monday.

While acknowledging some security improvements have been made, Interior’s Office of Inspector General disclosed that its white-hat hackers were able to “exfiltrate” — in other words, steal — more than a gigabyte’s worth of data from the department’s cloud storage over the course of a week.

“Our tests succeeded because the department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data,” the OIG reported.


The evaluators further noted that the department has “never conducted regular required tests of the system’s controls for protecting sensitive data from unauthorized access” during the time cloud storage has been utilized. The potential consequences of data theft or leakage could be dramatic.