Cyber Incident Victim: Radio Free Asia
Date: Jun 2022
Location: United States of America
Summary
A U.S. government-sponsored news organization experienced a breach compromising personal data of nearly 4,000 individuals, including Social Security numbers, passport details, addresses, driver's license information, health insurance records, medical data, and limited financial information. The intrusion exploited a previously unknown vulnerability in a service provider's system, leading to unauthorized access. The organization took immediate containment measures such as disabling affected systems, initiating an investigation with cybersecurity experts, collaborating with law enforcement, resetting credentials, and migrating email services to a new cloud environment. While no evidence of data misuse was found, impacted individuals were offered complimentary credit monitoring. Relevant authorities, including U.S. cybersecurity agencies and congressional representatives, were notified of the incident.
Description
On June 17, 2022, Radio Free Asia (RFA), a U.S. government-funded news organization covering Asia, experienced a cybersecurity breach involving unauthorized access to its email system and a limited number of servers. RFA discovered the incident on June 28, 2022, and took immediate containment measures, including taking affected systems offline, changing passwords, and migrating to a new cloud-based email environment. An investigation involving data privacy and security professionals determined that the breach stemmed from exploitation of a vulnerability in a third-party service provider’s system, a vulnerability RFA had been unaware of prior to the compromise. The breach exposed sensitive personal information belonging to 3,779 individuals, including Social Security numbers, passport numbers, driver’s license details, addresses, health insurance information, medical records, and limited financial data. RFA confirmed no evidence of data misuse at the time of disclosure but initiated victim notifications in compliance with regulatory requirements, including filings with Maine’s attorney general.

In response to the breach, RFA engaged law enforcement agencies, the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Congress, and the United States Agency for Global Media, its primary funder. The organization offered affected individuals two years of complimentary credit monitoring services through Equifax as a precautionary measure. RFA’s spokesperson, Rohit Mahajan, clarified that the hackers never contacted the organization directly, and the breach was identified internally through system monitoring. The incident involved operational disruptions, including the temporary shutdown of compromised systems and the transition to new infrastructure, though RFA maintained its news coverage throughout. No further technical specifics about the attacker’s identity, methods beyond the service provider exploit, or broader organizational impacts were disclosed publicly.
