Hacker breaches FEMA networks, steals employee data over several months
MINT · 2025-09-30 00:44

Core Insights
- A hacker accessed the Federal Emergency Management Agency's (FEMA) networks for several months, stealing sensitive employee information [1][4][7]

Incident Overview
- The Department of Homeland Security (DHS) informed FEMA on July 7 about the breach, which occurred via Citrix Systems Inc.'s remote desktop software using compromised credentials [2]
- The breach affected FEMA's Region 6, which includes Arkansas, Louisiana, New Mexico, Oklahoma, and Texas, with data stolen from servers in that region [2][5]
- The hacker was active in the network from June 22 until August 5 [5]

Response and Consequences
- Following the breach, DHS Secretary Kristi Noem terminated two dozen FEMA employees, including several IT executives, citing failures in handling the incident [3][6]
- FEMA disconnected the Citrix remote access tool for Region 6 on July 16 and mandated multifactor authentication for employees [5]
- Noem criticized the agency's IT leadership for incompetence, highlighting a lack of multifactor authentication as a significant issue [6]

Data Compromised
- The investigation revealed that federal employee identity data was successfully stolen, although Noem stated that no sensitive data from DHS networks was extracted [7]

Related Incidents
- On the same day, US officials reported that hackers had compromised Cisco Systems Inc.'s firewall devices within the US government, though it remains unclear if this incident is related to the FEMA breach [8]