U.S. government cybersecurity is in the limelight again because a scan of First Lady Michelle Obama’s passport has appeared online.
According to the White House, the Gmail account of a government contractor that was responsible for booking travel arrangements was breached. This allowed the hacker to gather a great deal of information, including not only the passport scan, but also the names, social security numbers, and travel schedules of some staff members. The data was posted on DCLeaks.com where former secretary of state Colin Powell’s emails were posted recently.
The veracity of the document has not been fully confirmed but U.S. attorney general Loretta Lynch said that the incident was “something that we are looking into.” The Secret Service said it was aware of the matter but would not say if a formal investigation will commence. A White House spokesperson told The Guardian it was taking a “close look” but was keen to point out that it was likely a contractor that was hacked, not a government network.
The image of Michelle Obama’s passport itself will not cause too much damage. While it does make her passport number public, the rest of the information, like birth date, her photograph, and place of birth were all public information anyway. It does however raise questions over why a government contractor was handling this information through its Gmail account and what other data could be vulnerable in similar situations.
This is the latest cyber incident to hit U.S. politics this year after the Democratic National Committee was targeted by hackers this summer. In that incident, the hackers released swathes of emails, and forced the resignation of DNC chairwoman Debbie Wasserman Schultz. Speculation has run rampant that Russian hackers working with the Russian government were responsible.
There has been no comment on whether this latest breach is connected to that one in any way but alleged state-sponsored hacking attacks are becoming a bigger and bigger concern. Just this week Yahoo announced the details of a massive hack that affected 500 million accounts, which it is blaming on state actors.