FEMA and CBP Hacked: Employee Data Stolen for Weeks
A hacker infiltrated the networks of the Federal Emergency Management Agency (FEMA) and U.S. Customs and Border Protection, stealing employee data over several weeks this summer. The incident, which took place from June 22 until August 5, involved an unidentified threat actor exploiting a Citrix vulnerability.
The hacker gained access using compromised credentials through Citrix Systems Inc.'s remote desktop software. They successfully accessed Microsoft's Active Directory and attempted to remotely break into a database. The breach affected FEMA's Region 6, covering Arkansas, Louisiana, New Mexico, Oklahoma, and Texas.
FEMA and Customs and Border Protection have confirmed that employee information was stolen. This includes identity data, although Homeland Security Secretary Kristi Noem initially stated that no sensitive data was extracted. An internal investigation later revealed the theft.
Following the breach, FEMA disconnected the Citrix remote access tool and enforced multifactor authentication. Secretary Noem also fired multiple FEMA IT executives over the handling of the incident.
The hacker behind this breach remains unknown. The incident highlights the importance of robust cybersecurity measures, especially when dealing with sensitive employee data. FEMA and Customs and Border Protection are now working to strengthen their security protocols and ensure the safety of their employees' information.