Email accounts in the offices of 27 US district attorneys were breached during the SolarWinds supply-chain cyber-attack last December, the department of justice (DoJ) has admitted.

When announcing last January its Microsoft Office 365 email environment had been breached, the department did not give information about the attorneys, whose role is to be the state’s prosecutors in court proceedings.

In a 30 July statement the DoJ accepts that when victims make information public about the nature and scope of computer intrusions they suffered, others can use it to prepare themselves for the next threat.

The DoJ said a minimum of one employee account was accessed at 27 offices across the country.

The hackers are thought to have had access to the sent, received, stored and attachment data of the breached accounts from about 7 May to 27 December last year. The security flaw was plugged last January.

“The department’s objective continues to be mitigating the operational, security, and privacy risks caused by the incident,” tech industry news service CNet quoted the DOJ as saying.

The attorneys’ offices hit by the email breach were in California, the District of Columbia, Florida, Georgia, Kansas, Maryland, Montana, Nevada, New Jersey, New York, North Carolina, Pennsylvania, Texas, Vermont, Virginia and the state of Washington.

US intelligence says the SolarWinds hack, which hit customers of IT software provider SolarWinds, probably originated in Russia.


PrivSec Global is back for another 2 information-packed days, featuring a series of brand new topics and themes. Register now and hear industry experts discuss Global Data Protection and Privacy Law Developments.