Thune Asks Obama Whether Americans’ PII is Vulnerable After White House Cyberattack
Sen. John Thune, R-S.D., wrote President Barack Obama asking whether the recent data breach on the White House information system compromised Americans’ personally identifiable information (PII), said a Thune news release Sunday. Thune, chairman of the Senate Commerce Committee, wrote…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
in Thursday's letter that the “malicious cyber intrusion on the unclassified computer system of the White House, attributed to Russian hackers,” allowed access to a “great deal of sensitive information such as schedules, policy discussion, and e-mails you sent and received, including exchanges with ambassadors,” and Americans' PII. To enter the White House for an official business meeting, tour or social function, an individual “must submit his or her date of birth, social security number, gender, country of birth, citizenship and place of residence,” Thune said. Since the information is usually emailed, Thune said he was concerned “this recent incident may have exposed the personally identifiable information of many individuals and they may, as yet, be unaware of their vulnerability.” Just "like any entity that handles personally-identifiable information, the White House has a responsibility to notify Americans if the recent, or any future breach, results in a compromise,” said Thune. “If such information has been lost, the White House still has a responsibility to victims even if it believes the hack was perpetrated by foreign spies and not cyber thieves.” Reports of increased attacks on executive branch departments and agencies “raise serious questions” whether they're “adequately prepared to address vulnerabilities and protect sensitive information,” Thune said. He asked the White House to respond to questions by May 15: whether the cyber incident resulted in the access or loss of PII; if yes, whether the White House notified those affected in a manner consistent with Office of Management and Budget policy, the Privacy Act and Obama’s "recommended direction to business entities under [his] data breach notification legislative proposal”; steps the White House took protect against similar incidents; and what policies the White House has to ensure individuals are notified when PII is compromised. The White House had no immediate comment.