Continuing the trend in recent weeks of high-profile sites being attacked, the open source blog program WordPress announced that it was hacked on Wednesday and the hackers potentially made off with "anything." In a note posted on the WordPress webblog, founder Matt Mullenweg stated "Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed." Mullenweg went on to state that "break-in was limited but proprietary information could have been accessed."
While the extent of the hack is unknown, it potentially could have compromised customer information across the extensive 18 million publishers that use WordPress. Among the information potentially compromised is site source code, including possibly API keys and social media passwords.
The breach is troubling as it not only demonstrates that hackers appear to be refocusing attention on corporate sites (is it just me or does it feel like we've had an uptick?), but also shows how our increasingly interconnected use of technology can be easily compromised. A simple blog site maintained by a corporate interest and using WordPress could now, as a result of the attack, put government and private sector clients at risk.
While the verdict is still out on who committed the crime, it is clear that some action needs to be taken on the cybersecurity front to prevent the spread of personally identifiable information and other sensitive information. The current patchwork of laws and regulations regarding data security and data breach isn't sufficient.
Jessica Herrera-Flanigan
Jessica R. Herrera-Flanigan is a partner at the Monument Policy Group, where she focuses on the issues affecting our nation’s security, technology, commerce, and entertainment markets. Previously, she served as the Staff Director and General Counsel of the House Committee on Homeland Security. She also has served as Senior Counsel at the Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice, where she led the Section’s cybercrime investigation team. She was a Member of the CSIS Commission on Cyber Security and is a Member of the ABA Standing Committee on Law & National Security. She currently serves as the Fellow for Cybersecurity at the Center for National Policy.
Continuous Monitoring As a Service: A Shift in the Way Government Does Business
Research Report: Powering Continuous Monitoring Through Big Data
Addressing the 3 Biggest BYOD Security Threats
Mobile Apps: New Ways to Connect Government with Citizens
JOIN THE DISCUSSION
By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Nextgov does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.