The U.S. Agency for Global Media (USAGM, previously known as the Broadcasting Board of Governors) is an “independent federal agency overseeing public service media networks that provide unbiased news and information in countries where the press is restricted.” The agency recently disclosed a breach exposing the personal information of current and former employees, possibly exposing beneficiaries as well. In a letter sent to those affected by the breach, USAGM states that the breach occurred after a phishing attack in December 2020. The actor gained access to an email account that had personal information for employees working for USAGM, Voice of America, and Office of Cuba Broadcasting between 2013 and 2020. Exposed information included names and Social Security numbers of employees, and potentially the Social Security numbers of beneficiaries and dependents as well.
After learning of the breach, USAGM began providing education on phishing to employees. The agency also sped up enabling multi-factor authentication for Office 365 accounts. These are great first steps and Binary Defense highly recommends that organizations provide some form of regularly occurring education around phishing and provide a way for employees to report suspicious emails. USAGM is offering employees a one-year subscription to Experian IdentityWorks, an identity theft protection service.