Data Leak of U.S. Agency for International Media due to Phishing Attack

The U.S. Agency for Global Media (USAGM) has announced that the personal information of its employees and their dependents has been exposed in an information breach.

USAGM is a government agency whose mission is to “inform, engage and connect people around the world in support of freedom and democracy. It operates broadcast networks such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks to disseminate news and information around the world.

According to information, USAGM was caught in a phishing attack in December 2020 and suffered a data breach.

This phishing attack allowed attackers to gain access to the organization’s email accounts containing the personal information of current and former employees of USAGM, Voice of America, and the Office of Cuba Broadcasting between 2013 and 2020. In addition, we have been able to access the email accounts of current and former employees of USAGM, Voice of America, and Office of Cuba Broadcasting.

Personal information disclosed included the employee’s full name and social security number, as well as insurance beneficiaries and dependents.

USAGM has protected the affected accounts after confirming the fact of the information leak. It has begun training its staff on how to respond to phishing. It is also accelerating the implementation of multi-factor authentication (MFA) for the agency’s Office 365, SharePoint, and OneDrive accounts.

Current employees were not notified of this incident by USAGM until four months after the data was compromised.

In the meantime, further phishing attacks and exploitation of personal information may have been carried out using the personal information obtained from the data breach.