« Tampa board backs Wainio with rail and container terminal expansions | Main | Dole reefer ship down, Maersk steps in with only 100 reefer slots »

To Homeport Users,

On July 11, 2011, U.S. Coast Guard personnel were notified by a contractor with the Department of Homeland Security that the U.S. Coast Guard's HOMEPORT system may have been compromised by an intentional cyber intrusion on or about July 6, 2011.  HOMEPORT is a public-facing application for maritime security created to provide information and services to the maritime community and the public via the internet.  

U.S. Coast Guard Information Technology (IT) analysts were able to confirm the intrusion by July 12, 2011 and the HOMEPORT site was pulled offline on July 13, 2011 for further analysis.

We believe the intrusion was orchestrated by a group whose standard process is to extract data and post it publically as a political statement.  They do not target specific information, nor does the group use it in any way other than to release it publically.

Information that may have been obtained in the intrusion includes the following: name, rank/grade, employment class, position/job title, job code, city/state, sector name, grade level, Administrative Target Unit (ATU) and/or Coast Guard District/Department ID.  [ATU could be the Coast Guard District or unit where one is stationed.]  As of this correspondence, we have not seen this information posted on the Internet and we continue to monitor the situation. 

The U. S. Coast Guard brought HOMEPORT back on line on July 18, 2011.  Prior to redeploying HOMEPORT, the U. S. Coast Guard mitigated all known vulnerabilities and actively took steps to prevent reoccurrence.

Your HOMEPORT password was reset.  If you have not already done so, create a new password by clicking the forgotten password option in HOMEPORT.  Make sure it is sufficiently different from your old password so that it cannot be guessed by someone who knew your old password.  If you used your HOMEPORT password for other password protected sites or programs, we recommend, as a precaution, that you reset those passwords as well. 

While it is highly unlikely based on our forensic analysis that sensitive personal information such as social security numbers was obtained by the intruders, you should continue to adhere to good online security practices.

One of the vulnerabilities you may experience due to the data compromise could include receiving emails from individuals who claim to be from the U.S. Coast Guard attempting to get or asking to verify personal or non-public information about you.  This is called phishing and the U.S. Coast Guard would never send such an email to you.  Do not answer the email.

We apologize for any inconvenience or concern this matter may cause you.  We are dedicated to protecting the information you provide us and hope that we retain your trust and confidence.

Please forward any suspicious emails that appear to be related to the HOMEPORT cyber intrusion to LT Connie Williamson at 202-372-1310 or connie.l.williamson@uscg.mil.   


_______________________________________________
Non-CG-HIP-Registered-Users mailing list
Non-CG-HIP-Registered-Users@cgls.uscg.mil
http://cgls.uscg.mil/mailman/listinfo/non-cg-hip-registered-users

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a010537193d4d970b014e8a23f629970d

Listed below are links to weblogs that reference This from USCG - Homeport page may be compromised.:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.