Over 90% of the Fortune 500 & Treasury Dept Hacked?

CQ Roll Call file photo

One thing is certain, 2020 isn’t over yet.

In what could be called one of the major gaffes of the year, The U.S. Department of the Treasury was hacked, and the hack could have been carried out by foreign entities.

One person even told the Washington Post, “This is looking very, very bad.”

Reuters shed light on what will likely be a developing situation, including the possible foreign involvement:

A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter.

That, unfortunately, is only the beginning of this story…

Reporting on the incident, Robert Wenzel described a scene of panic in the U.S. government: “Officials were scrambling over the weekend to assess the extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the Post adds.”

A long-running and significant breach in the U.S. Treasury security infrastructure will likely generate ripple effects, especially if foreign actors were involved.

Well-known security expert Brian Krebs summarized the potential for both widespread and long-term impacts stemming from this single breach:

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.

Over 90% of the Fortune 500 Affected?

A visit to the SolarWinds website reveals some of the carnage from the hack, including a list of 425 companies in the Fortune 500 that could also have been affected in some way.

In addition to major corporations, Krebs reported the security breach at the Treasury might only be the “tip of the iceberg.”

That’s because SolarWinds also serves other parts of the U.S. government like:

all five branches of the U.S. military
all five of the top five U.S. accounting firms
the Pentagon
the State Department
the National Security Agency
the Department of Justice
the White House

No matter what you think about this still-developing situation, it simply can’t be good.

Microsoft Reveals How Hack’s Impacts Could Reach Consumers

The Guardian also reported on the incident, and identified a potentially chilling effect on consumers of a major Microsoft product: “The hack involves the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.”

Of course, we won’t know if the breach has affected consumers for quite some time, as there are many unanswered questions. The investigation is still in its early stages.

Microsoft did publish a blog post addressing the hack, stating: “We believe this is nation-state activity at significant scale, aimed at both the government and private sector.”

If the private sector is part of the target in a malicious attack like this, then anything is possible. The private sector includes banks, insurance companies, stock exchanges, stockbrokers, basically everyone we do business with.

We don’t want to alarm you but we do want to suggest in the politest possible way it would be a good idea to take any precautions you feel necessary.

Especially those precautions that can help to protect your money.

Maybe It’s Time to Balance Out Your Digital Portfolio

If most of your retirement nest egg can be accessed digitally, then perhaps it’s time to consider re-balancing your risks. (Of course, your bank and your retirement account websites will SAY they’re perfectly safe – just like the Treasury Department did.)

It might make sense to add physical assets like gold or silver to your savings. Precious metals can’t be “hacked” because they aren’t digital, aren’t online, and aren’t stored in any computer.

2020, cyber fraud, Featured, hackers