Congress Launches Probe Into White House Data Breaches

Hackers may have swiped info on U.S. citizens, high-level meetings

Sen. John Thune / AP
May 5, 2015

Congress has launched a probe into cyber attacks on White House computer networks that are believed to have exposed personally identifiable information of U.S. citizens and official meetings with ambassadors, according to a letter sent to President Obama by a Senate investigatory committee.

Lawmakers are attempting to determine the extent of a recent breach reported to have been committed by Russian hackers in 2014. While the White House initially downplayed the extent of the information accessed by these cyber criminals, investigators say the breach may have been more widespread than previously believed.

The White House has revealed few details about the attack, but it is believed the 2014 breach is just one of several attacks by hackers in recent months.

Sen. John Thune (R., S.D.), chairman of the Senate’s Committee on Commerce, Science and Transportation, is now seeking to determine the full extent of the breach and to discern how much personal information the hackers accessed.

"Though the hackers do not appear to have accessed any classified information, the unclassified computer system reportedly contains a great deal of sensitive information, such as schedules, policy discussions, and emails you sent and received, including exchanges with ambassadors," Thune wrote in a letter to Obama on April 30.

The system breached by hackers also contained information about Americans who have been to the White House, compromising their social security numbers and other personal information.

It is unclear whether the White House has contacted these individuals to let them know that their information was potentially accessed.

"Increasing reports of attacks across Executive Branch departments and agencies raise serious questions as to whether they are adequately prepared to address vulnerabilities and protect sensitive information," Thune wrote. "Given this recent hack, as well as prior incidents in 2009 and 2011, concerns remain that the White House’s network infrastructure remains vulnerable."

A White House National Security Council (NSC) spokesman would not provide further information about the 2014 breach but said that the administration is working to keep lawmakers informed about cyber threats.

"While we will not comment further on details of the EOP activity we have previously publicly disclosed and briefed to the Hill, we have consistently supported timely notification in the event of data breaches, consistent with existing federal policy," Mark Stroh, a spokesman for the NSC, said in a statement. "The White House acts in accordance with this policy and is consistent with the policy's security considerations that are necessary to protect Federal networks."

However, Thune is seeking more information. He has given the White House a May 15 deadline to answer key questions about the breach.

The Senate committee is requesting information about whether the recent attack compromised the personally identifiable information of any individuals. It also is seeking to determine whether the White House has informed those who may have had their information compromised.

The committee also is seeking a detailed readout of the security policies the White House has in place to prevent such attacks in the future.

While the White House has issued public notifications regarding data breaches in the past, a 2007 policy document released by the White House states that it "does not attempt to set a specific threshold for external notification since breaches are specific and context dependent and notification is not always necessary or desired."

Thune’s office is pushing the White House to be more transparent when it comes to breaches that could affect Americans.

"While the White House’s own data breach notification policy states that ‘notification is not always necessary or desired,’ Sen. Thune continues to seek assurances from the White House that it will notify affected Americans should it become apparent that personally-identifiable information, which could harm individuals, was lost in the recent cyberattack," said Thune’s spokesman, Frederick Hill.