The State Department detected unusual activity in its unclassified email system that may have compromised some employees’ personal information. A spokesperson said the “activity of concern” affected less than 1 percent of State employee email inboxes, and there is no evidence it affected State’s classified email system.
The investigation is ongoing. The department is providing three years of free credit monitoring and identity protection services to affected employees.
State has been getting poor marks on cybersecurity audits. A recent GAO report found the department was using multi-factor authentication on only 11 percent of agency devices. Its inspector general found in July that only one-third of overseas missions were conducting basic cybersecurity checks.