State Department email data breach exposes employee data

Personal info was exposed by an unclassified email system breach.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture | Video Games | Breaking News
Sean Keane
Seal of United States Department of State seen displayed on

The US State Department's classified email system was not affected by the breach, it said.

Igor Golovniov/SOPA Images/LightRocket via Getty Images

The US State Department suffered a data breach that exposed some employee data.

The email system breach impacted "less than 1 percent of employee inboxes," according to a Sept. 7 department alert obtained by Politico. The department's classified email system was not affected, according to the alert, which was marked "Sensitive But Unclassified."

"We have determined that certain employees' personally identifiable information (PII) may have been exposed," the alert says. "We have notified those employees."

The agency didn't suggest who might be responsible for the breach, but noted that steps have been taken to secure systems and that the affected employees will be given three years of free credit monitoring, our sister site ZDNet reported.

Watch this: US officials charge North Korean over major hacks like WannaCry and Sony

It's working with an interagency group and a private sector service provider to conduct a full assessment, a State Department official said in an emailed statement.

Last week, a bipartisan group of five senators wrote to Secretary of State Mike Pompeo to find out why the department isn't using basic cybersecurity protections. 

First published Sept. 19 at 3:10 a.m. PT.
Updated at 5:55 a.m. PT: Adds State Department statement.