The State Department was reportedly hit by a cyberattack in recent weeks, prompting the Department of Defense's Cyber Command to send out notifications warning of a possible serious breach.
Fox News reported on Saturday that it is not yet known how extensive the breach was, or who is behind it. It is also still unclear if the attack affected any State Department operations, according to the network.
The timing of the attack is still unclear, but a Fox News reporter tweeted that "it is believed to have happened a couple weeks ago."
It is unclear when the breach was discovered, but it is believed to have happened a couple weeks ago.— Jacqui Heinrich (@JacquiHeinrich) August 21, 2021
A source familiar tells Fox the State Department’s ongoing mission to evacuate Americans and allied refugees in Afghanistan “have not been affected”.
A source familiar with the evacuation effort for American citizens and allies in Afghanistan told Fox News that Operation Allies Refuge has “not been affected.”
Reuters, citing an unidentified source, reported that the State Department has not seen significant disruptions and that its operations have not been impeded at all.
“The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” a State Department spokesperson told The Hill in a statement.
“For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time,” the spokesperson added.
The Senate Committee on Homeland Security and Government Affairs earlier this month rated the State Department’s information security program with a D grade, which is the lowest possible rating the government model gives.
The panel's said the department was “ineffective in four of five function areas.”
“Auditors identified weaknesses related to State’s protection of sensitive information and noted the Department ‘did not have an effective data protection and privacy program in place,’” it added.
The Senate committee also found that the department was unable to “document that it had defied controls related to the protection of data at rest and in transit.”
A number of U.S. companies have been hit with cyberattacks in recent months, including Colonial Pipeline and JBS Foods.