Thune Launches Probe Into Attack on White House Computer System

The Telecommunications Law Resource Center is the most comprehensive reference and news platform for communications law, covering broadcasting, cable, broadband, telephony and wireless;...

By Alexei Alexis

May 4 — Senate Commerce, Science and Transportation Committee Chairman John Thune (R-S.D.) has launched an investigation into a recent attack on White House computer networks, citing concerns about the potential exposure of Americans' personal data.

In a letter to President Barack Obama, Thune said it is likely that the breach compromised the personal information of many Americans, given that individuals seeking to enter the White House—whether for an official business meeting, tour or social function—must provide information such as a date of birth, Social Security number, and place of residence.

“Just like any entity that handles personally-identifiable information, the White House has a responsibility to notify Americans if the recent, or any future breach, results in a compromise,” Thune said in a May 3 statement.

The White House did not respond to a request for comment.

Recent reports indicate that a malicious attack on the unclassified computer system of the White House, attributed to Russian hackers, is more extensive than previously known, the letter noted.

Breach Notification

Among other questions, Thune asked whether any personally identifiable information was accessed or lost, and if so, whether the White House has ensured that those affected have been notified in a manner consistent with the federal Privacy Act, Office of Management and Budget data breach notification guidelines for the federal government, and Obama's “own recommended direction to business entities” under a legislative proposal unveiled earlier this year.

Thune also inquired about steps the White House is taking to prevent such breaches. Given the recent attack, as well as prior incidents in 2009 and 2011, concerns remain that the White House’s network infrastructure remains vulnerable, he said.

In January, Obama rolled out a package of legislative proposals to bolster the nation's cyberdefenses in the wake of high-profile breaches suffered by U.S. companies such as Sony Pictures Entertainment. The package included legislation dubbed the “Personal Data Notification and Protection Act,” which would establish a national breach notification standard for companies in an effort to curb identity theft and harmonize existing state laws. The proposal would establish a 30-day notification requirement from the discovery of a breach.

Similar legislation was approved last month by the House Energy and Commerce Committee and now awaits floor action. Thune has said the issue is among his priorities for the current Congress but has not yet indicated how soon his panel will take action.

To contact the reporter on this story: Alexei Alexis in Washington at aalexis @bna.com

To contact the editor responsible for this story: Heather Rothman at hrothman@bna.com

The letter can be found at http://op.bna.com/der.nsf/r?Open=sbay-9w7q3j.