This shows one of the biggest issues in dealing with Data given out and being on the cloud in some way. The facts are still being developed but the method is fairly common. The data in this case often used by third party vendors to help people gain employment was not as secure as the data stored by the vendor the person providing the data to apparently was. This by the way is not as damaging by far as the OPM data breach a few years ago, which had that actual clearance data, very sensitive data, that will be used by China for years to come to decide who to target in the US Government by Chinese Agents. But in that case a slightly different method was used to gain the data. But still a third party was used to get around the security of the Government data base. Just like in any intelligence gathering attack, either for a Government or a Criminal element they always look for the weakest link, so after deciding the data they want they probe the security, during which time they will also see which other traffic is accessing the site, and each of those can be tracked back to an entity. If the security of the primary target proves too difficult then they go after the next targets. Always looking for the softest target, Everyone is at risk, and everyone could become a target, even you. It is not just employment data that is targeted, Health data is according to the Chinese intel targeting plan in one of their manuals. As soon as they gain the data, they look for more targeting data, the data they do not consider valuable they let their operatives put up for sale on the dark web. Which is then used by criminals to conduct ID theft and other criminal activity. Always they are looking for the weakest link, now look for a second at how many Doctors and their staff access the Health data cloud every day. Now do we have any weak links?
from CTI Consulting http://ift.tt/2etP6QY