Welcome back, Congress. Here’s hoping you had a productive recess.
Some of you may remember that right before you left town back in early August, the Senate abandoned plans at the last minute to vote on some important cybersecurity information sharing legislation, postponing the work until after your month-long recess. Some pointed out at the time that by delaying action, lawmakers were leaving U.S. companies more vulnerable to cyberattacks. They noted that, unlike Congress, hackers wouldn’t take the month of August off.
They were right.
While you were away, Congress, here’s a sampling of what happened on the cyber front.
Aug. 6 - Russia launched a "sophisticated cyberattack" against the Pentagon's Joint Staff unclassified email system, which was subsequently shut down and taken offline for nearly two weeks.
Aug. 7 - The same hackers who breached systems at the Office of Personnel Management struck a major clearinghouse for travel reservations and may have attacked systems at American Airlines.
Aug. 10 - California tech firm Ubiquiti disclosed to investors that a cyber hacker posing as one of its employees used an email scheme to steal more than $46 million from the firm’s accounts.
Aug. 11 - Federal authorities charged nine people in connection with a hacking scheme that provided insider stock trading knowledge and generated about $30 million in illegal profits.
Aug. 15 - The University of Virginia’s computer network was hacked in a cyberattack that officials say appears to have originated in China, following a data breach one week earlier at the University of Miami and another the month prior at Harvard University.
Aug. 17 - The U.S. Internal Revenue Service announced that a cyberattack on one of its computer databases earlier this year caused much more damage than initially reported, with nearly three times as many taxpayers put at risk because of the theft.
Aug. 18 - Hackers started dumping a swath of data containing email addresses, login information and credit card information for millions of Ashley Madison (an adultery facilitating website) members.
Aug. 21 - Florida-based Internet services provider Web.com announced that a breach of one of its computer systems may have exposed the names, addresses and credit card information of 93,000 customers.
Aug. 29 - A Catholic agency in Michigan that handles payroll and employee benefits for more than 100,000 workers warned them that their personal information was compromised in a major cyberattack.
Sept. 1 - A California network security firm discovered that cyber hackers have stolen more than 225,000 Apple accounts from iPhone customers in what’s believed to be the largest known Apple account theft caused by malware.
Sept. 2 - The Heritage Foundation, a Washington think tank, apparently had personal information about some of its donors stolen in a data breach -- at least the second time the group has been the target of a cyberattack in the past three years.
Sept. 3 - A security company discovered that the British version of Dallas-based Match.com’s online dating service was the victim of a major advertising-based malware scheme.
Sept. 4 - A small animal shelter in Michigan fell victim to a cyberattack that eliminated the Facebook page through which it received most of its donations. Cut off from donors, the organization is now running short on funding and may soon have to shut its doors.
Of course, these are merely the attacks that have been reported. If history is any indication, others will surely surface in the months ahead, while others may never be detected, let alone reported.
It’s a reminder to lawmakers that every day we wait to strengthen our nation’s cyber networks leaves the federal government, American businesses and U.S. citizens more vulnerable to attacks.
Tell Congress to Protect America's Cyber Networks