House Committee and the IDHS Breached: Risks and Five Tips

Imagine this: You checked your bank app one morning, and then, you saw a notification. It said that you're at risk because of a government data breach. This happens in reality.

Hackers are targeting government agencies, including the Illinois Department of Human Services and the US House of Representatives. These cases pose risks to regular citizens, such as identity theft. It’s advised to take proactive steps to reduce the risks.

One reason our personal data is at risk is because of data breaches. And the thing is, even government agencies get breached. For example, in 2018, the US Postal Service suffered from a data leak in 2018, exposing over 60 million users.

In a more recent case, the Illinois Department of Human Services (IDHS) has been breached. The IDHS’s mapping website was made accessible to the public, exposing the information of 32,000 Division of Rehabilitation Services (DRS) customers. The compromised details are:

What's worse, the breach affected over 670,000 recipients of the Medicaid and Medicare Savings Program. The compromised recipient details are:

In another case, the emails of US House of Representatives staffers were accessed. According to experts, the Salt Typhoon, a Chinese threat group, is responsible for the attack. The main targets were staff members working on committees that focus on matters involving China (e.g., foreign affairs, armed services, and intelligence).

According to experts, this is part of the ongoing cyber campaign by the Ministry of State Security (China’s intelligence service). The main targets are the communication networks in the US. Hackers access unencrypted messages, calls, voicemails, and emails of every American. It’s unclear if the emails of lawmakers were accessed. However, the Salt Typhoon had already intercepted the calls of senior US officials in the past years.

Now, why should you care about this? You should care because government hacks (whether caused by hackers or enabled by bad practices from the agencies) put regular citizens at risk of financial fraud, identity theft, and broader cybersecurity threats.

Here’s a detailed breakdown of what could happen to you because of a government data breach:

• Risk No. 1 - Identity Theft: When government agencies are hacked, our sensitive data, such as our Social Security numbers, passports, and driver’s licenses. This enables scammers to steal our identity and open fraudulent accounts under our names. The impact includes long-term credit damage and immediate financial loss.

• Risk No. 2 - Collateral Cyber Damage: When the government stockpiles hacking tools or vulnerabilities, it weakens encryption and software standards. This makes devices more vulnerable to remote attacks and malware.

• Risk No. 3 - Unwanted Surveillance: Malware aimed at government systems may damage networks from banks and other service providers, spreading the impact to innocent users.

You can protect yourself by taking these proactive steps:

• Protection Tip No. 1 - Freeze Credit: After a data breach, it’s ideal to freeze your credit. That way, even if hackers were able to access your details, they wouldn't be able to open new accounts or take out loans under your name. This would reduce the impact of government data breaches.

• Protection Tip No. 2 - Use Strong Passwords: Login credentials may also be affected after a data breach. But when you’re using strong, unique passwords, hackers have lower chances of accessing your accounts. This means you should use at least 12 characters, random combinations, and symbols. We also recommend using a password manager and multi-factor authentication, both of which add layers of security to your accounts.
  
• Protection Tip No. 3 - Encrypt Connections: Make sure that you’re using encrypted connections. For example, never visit websites that only have “http” – the missing S means it’s not secure. This is important because encryption protects the data that’s being transmitted to other networks, preventing unauthorized access.

• Protection Tip No. 4 - Use Monitoring Tools: You can enroll in free credit monitoring services that are offered after a breach. Look out for all notices or issues for potential claims.

• Protection Tip No. 5 - Limit Data Exposure: You can reduce the impact of a data breach by ensuring that your personal information is not everywhere online. You can do this by simply limiting data sharing on social media platforms. It’s also ideal to opt out of data brokers (companies that collect personal data and share it with companies and even with government agencies.

Overall, the recent data breaches on government agencies also pose risks to regular citizens. So, you should care about government hacks, and you should be proactive. Know what to do after a data breach, and take necessary steps to reduce the damage of data breaches.

Some of the biggest cyberattacks are: 1) MOVEit transfer data breach, 2) Colonial Pipeline Ransomware, 3) Yahoo data breaches, 4) PlayStation Network Hack, and 5) CardersMarket hack.

The one reason emails are getting hacked is the use of weak passwords (e.g., 123456). Hackers use automated tools to help them guess weak passwords in minutes.