The memo mentions the August breach, as well as the disclosures LastPass made earlier this month. It was addressed to all state agency information security officers and chief information security officers. The March 3 memo sent to Arizona state government agencies, which ADOA provided to the Mirror, is from the state’s chief privacy and compliance officer, who works at the Department of Homeland Security. LastPass first disclosed that there was a breach in August 2022, with the company saying that hackers stole part of their source code and it was actually the second time the company had been hit. Rose added that discussions have been happening “at regular meetings” since the first public notice of the breach last summer. That employee, a LastPass engineer, had his master password captured by a piece of software installed on his computer called a keylogger, which then bypassed LastPass’ multi-factor authentication protections and gained access to the corporate vault.Īccording to the blog, once inside the vault, the hacker stole the keys that would allow them to access “production backups, other cloud-based storage resources, and some related critical database backups.”ĪDOA spokeswoman Megan Rose told the Mirror that an official communication went out referencing LastPass’ issues on March 3, two days after the Mirror first asked which state agencies were using the software. That employee had decryption keys which are needed to access cloud storage data where sensitive information is held. LastPass has come under intense scrutiny for a series of disclosures over recent months that culminated in a blog post that revealed a hacker gained internal company access to the company’s corporate vault by targeting the home computer of one of its employees.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |