The State Department recently suffered a breach of its unclassified email system, and the compromise exposed the personal information of a small number of employees, according to a notice sent to the agency’s workforce.
State described the incident as “activity of concern … affecting less than 1% of employee inboxes” in a Sept. 7 alert that was confirmed by two U.S. officials.
“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert said. “We have notified those employees.”
The classified email system was not affected, according to the alert, which was marked “Sensitive But Unclassified.”
Watchdog reports have consistently dinged State for its insufficient cybersecurity protections, and last week a bipartisan group of senators asked Secretary of State Mike Pompeo how the department was responding. The secretary has yet to respond to the senators’ letter.
Following the email breach, the department convened a task force to examine the incident, according to a U.S. official, who requested anonymity to discuss a security matter.
The State Department confirmed the breach of its cloud-hosted email service. “This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment,” spokeswoman Nicole Thompson said in an email.