Data breach hits agency overseeing White House communications By Zoe Thomas

Technology reporter Published duration 20 February

image copyright Getty Images

The US agency in charge of secure communication for the White House has been the victim of a cyber-attack.

The US Department of Defence confirmed that computer systems controlled by the Defence Information Systems Agency (DISA) had been hacked, exposing the personal data of about 200,000 people.

The agency oversees military communications including calls for US President Donald Trump.

The data exposed included names and social security numbers.

The agency is responsible for the military cyber-security and it sets up communications networks in combat zones.

On its website, DISA says its vision is "to be the trusted provider to connect and protect the war fighter in cyber-space."

There are 8,000 military and civilian employees at the DISA, but through its operations, it handles data for many other individuals.

This is why the personal information for so many people was exposed.

Hack attacks

A spokesperson for the Department of Defence would not say whether the organisation knew who was responsible for this attack - but told the BBC the department was constantly under threat.

"DoD networks are under attack daily and the department maintains an active posture to thwart those attacks," the spokesperson said.

The agency said it has begun notifying people who had been affected but that there was "no evidence" their information has been misused.

The data breach occurred over the summer of 2019 and letters to possible victims began going out this month.

The agency said once the breach in its computer system was discovered it investigated and took steps to fix it and prevent further hacks.

Andy Piazza, a US veteran and cyber threat analyst, posted the letter he received from DISA on Twitter.

Mr Piazza told the BBC he was not particularly concerned about the information that may have been compromised.

But he felt there had been an increase in the number letters he was receiving from public and private firms about data breaches.

DISA's policies require it to notify anyone whose data may have been compromised.