An unnamed US intelligence official was quoted by NBC News as calling the leak of contractor Ian Mellul’s e-mails “the most damaging compromise of the security of the president of the United States that I’ve seen in decades”—one caused by the use of an outside personal e-mail account for government business. The e-mails included full scans Mellul had forwarded to himself from a White House e-mail account of passports, including Michelle Obama’s. Mellul likely forwarded the e-mails to his Gmail account because he couldn’t access White House mail offsite without a secure device.
Government sources have described DCleaks.com as being connected to Russian intelligence organizations. But just about anyone could have gotten into Ian Mellul’s e-mail if he was using the same password for his Gmail account that was exposed in a 2013 breach of Adobe user data—just as was Navy Captain Carl Pistole’s.
Don’t use the same passwords in multiple places. Especially if you work for the government with data that needs to be secured.
Makes you wonder how many of your employees are taking data off of your network to make it easier to access, doesn’t it? I mean you shouldn’t do that, especially if you work for the government with data that needs to be secured, but it happens anyway, repeatedly.
Do these folks truly not know any better? I doubt it. I suspect they’ve had plenty of training and have read plenty of policies, and they did it anyway.
How confident are you about the people who work with your data?