The State Department confirmed that its unclassified email system was breached, putting some employees’ personally identifiable information at risk.
“The department recently detected activity of concern in its unclassified email system, affecting less than 1 percent of employee inboxes,” a State Department spokesperson told MeriTalk.
As initially reported by Politico, the breach originated with an email service provider. The incident affected less than 1 percent of employees, and the department issued assurances that its classified email system had not been compromised. According to an email obtained by Politico, the department is offering credit monitoring for affected personnel.
The breach comes shortly after the State Department was chastised by lawmakers for failing to meet Federal cybersecurity standards. The department was criticized for lacking multi-factor authentication for the majority of users.
“We are working with the interagency, as well as the private sector service provider, to conduct a full assessment,” said a State spokesperson. “The department is always actively engaged in identifying cybersecurity threats and protecting its networks. This is an ongoing investigation.”