A senior lawmaker has asked the White House whether the Russian hack of its unclassified computer networks last fall compromised personal data of ordinary Americans that was submitted by e-mail before a White House meeting, tour or social function.
The White House declined to say whether that was the case, but some U.S. officials privately said there was no evidence that such data — names, birth dates and Social Security numbers — was taken.
Nonetheless, Sen. John Thune (R-S.D.), chairman of the Commerce Committee, is seeking assurance from the White House that it will quickly notify affected individuals if a breach compromises their personal data.
White House spokesman Mark Stroh confirmed that the White House had received Thune’s April 30 letter. “While we will not comment further on details of the [White House] activity we have previously disclosed and briefed to the Hill,” he said, “we have consistently supported timely notification in the event of data breaches, consistent with existing federal policy.”
He said that “the White House acts in accordance with this policy and consistent with the policy’s security considerations that are necessary to protect federal networks.”
U.S. officials, who spoke on the condition of anonymity because they were not authorized to speak for the record, said they had not seen evidence that the incident last fall compromised such information. Rather, they said, the hackers apparently were conducting a traditional espionage campaign for foreign intelligence purposes, in contrast to a penetration intended to damage a system or to steal personal information to enable identity theft.
Russian government operatives, officials said, tend to be more targeted in their cyber-tradecraft than, say, the Chinese. The Russian hack was first reported by The Washington Post in October.