Hackers Copy Secret Army Files, Follow United Fliers, and Expose Planned Parenthood Employee Names

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Former Chinese Military Member Caught Downloading Secret Army Files

Wei Chen, while serving as a U.S. defense contractor, allegedly plugged a personal thumb drive into computers connected to classified and unclassified networks, against protocols.

At the time, Chen was serving as a system administrator at a U.S. Army base in Kuwait.

To gain employment as a Pentagon contractor, Chen, a one-time Chinese anti-aircraft unit member, allegedly lied on an SF-86 form required for gaining a security clearance.

When asked if he had ever served in the military for another country, Chen answered he had not.

After downloading the unauthorized material onto the flash drive, he allegedly tried to cover up his actions by deleting network logs on the server.

OPM Hackers Allegedly Penetrated United Airlines Computers, Too

Investigators have tied an attack against the airliner to a China-backed team they say is behind recently-disclosed hacks into U.S. security-clearance systems and federal insurance provider Anthem.

In May 2015, Office of Personnel investigators began drawing up a list of additional possible victims in the private sector and provided those firms with digital signatures that might indicate breaches of their systems. United Airlines was on that list.

"The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised," Bloomberg reports. 

Private Data on Planned Parenthood Employees Leaked Online

Activists, perhaps in protest, or perhaps out of boredom, pulled personal information from the organization's website and published it to the Web.

3301, a hacktivist group taking credit for the stunt, says shoddy coding on Planned Parenthood's site made the hack possible.

In an online post, the group said it used a so-called Blind SQL, an attack that exploits unseen error messages returned from a website database.

Motherboard reports: "The group published the databases that support Planned Parenthood's website, an employee list, as well as their email addresses and encrypted passwords. Beyond the encrypted passwords, it appears as though nothing that was published is particularly sensitive data."
 
Georgia Agency Emails a Contractor the Health Diagnoses of 3,000 Senior Citizens

The state’s Department of Human Services Division of Aging Services accidentally revealed medical details on elderly individuals to an outsider.

"No other personal information—Social Security numbers, Medicaid numbers, dates of birth or contact information—was disclosed,” agency officials said.

The state program that made the mistake helps people at risk of being placed in nursing homes remain in their communities. 

(Image via IanC66/ Shutterstock.com)