It has been reported that the Idaho National Laboratory, part of the U.S. Department of Energy and one of the country’s foremost advanced nuclear energy testing labs, experienced a massive data breach on the night of Sunday, November 26, leading to the leak of employee addresses, Social Security numbers, bank account information and much more. INL media spokesperson Lori McNamara was reported to have said that the breach is being investigated and that federal law enforcement is involved.
Commenting on the news, Adam Brown, Managing Consultant at the Synopsys Software Integrity Group, said: “The weakness or vulnerability enabling this breach is unknown. INL staff should be vigilant and ensure that they reset passwords, not forgetting to change security questions and look out for an increase in targeted social engineering based attacks.
“For organisations to avoid finding themselves in this situation it’s important to have a software security initiative with sponsorship from the executive level down and with metrics to prove value of the initiative. Such an initiative should include:
- Practices in software security governance (the processes and policies that firms use to ensure security, including ensuring that their suppliers are applying at least the same level of effort to the security of their software).
- Practices in software security intelligence (the smarts to do secure software, be it internally delivered or procured).
- Doing practical and effective things in their software life cycle to ensure the software is designed, implemented, tested and deployed securely.”