If you don’t know the name, SolarWinds, that’s about to change.
SolarWinds is a software company that provides tools for management data networks that are used by many large companies and US government agencies.
The problem? SolarWinds was hacked by Russian intelligence services more than eight months ago. The hack was only discovered this month. Basically, corporations, Federal agency, state and local agencies, and private foundations that use their software have had secrets shipped to Moscow. That may include sensitive personal information on your healthcare and finances. It was there for the taking if the Russians wanted it.
The Russians expanded the damage by using the SolarWinds hack to penetrate and steal threat detection tools from a major Internet security form, FireEye. From there, they hacked Google and Gmail (see below), and the Verizon subsidiary, Yahoo, as well as the Pentagon and US Treasury.
For you, Blue Cross and Blue Shield was listed as a SolarWinds client (see list below), and that means that Independence Blue Cross, Horizon Blue Cross and a host of other health insurers are probably compromised. This could be the largest HIPAA violation since that law was passed.
Google and its Gmail is compromised. If you sent a message to a gmail subscriber, you may have gotten a bounceback that the email account doesn’t exist — even if you are simply replying to a message your received. That happened to me this week (no, I don’t used gmail for business or personal messages, just for calendar management).
SolarWinds is trying to cover its tracks by deleting a list of customers from its website.(2) However, SolarWinds claims that Federal agencies and 450 of the the Fortune 500 companies are clients. MSN published a partial list of SolarWinds customers before SolarWinds took their list down.
The Trump administration has done next to nothing to protect the US from hacking by Russia, China, or anyone else. They compounded that inaction by firing the director of the office charged with dealing with cyberterrorism, because he disagreed with the president about the integrity of the recent election.
Now we are seeing the cost of lax management.
Here are some of the companies into which Russian intelligence has gained access. The list includes credit cards, retailers, car manufacturers, cosmetics and personal grooming, cable-TV services, telephone companies, electric utilities, museums and universities. Your data were available for the taking. Whether the Russians wanted it or not is up to them.
Apple users can take heart. We know that Microsoft and Google were hacked, but there is no evidence that Apple was involved at this time.
Bottom line: you need to change ALL passwords on all of your accounts NOW!