You work as a support contractor for a government agency as a cyber defense incident responder. As part of a large support team, you help to identify, analyze, and mitigate threats to the systems and networks of this government agency. Your company is up for a contract renewal this year.

During a log analysis review of the intrusion detection logs, you notice a trend where requests from an unknown IP address were attempting to access several databases across the network. In each case, access was denied for the first two weeks of the monitoring period, but over the last week, the user was successful in accessing the system and apparently downloaded several hundred thousand HR records that included personally identifying information (PII) from thousands of agency personnel and subcontractors.

You immediately notify your boss, Joe Dallas, who is also a support contractor working for the same company as you. You provide him with the documentation and ask for next steps. Joe seems upset with you for not reporting this incident sooner. You mention to him that you were off on vacation for the last two weeks and the logs weren’t monitored during that time.

As Joe looks closer at the incident, he determines that somehow root access was made available to the unauthorized user, making the situation much more concerning as the user may still have access to all of the systems throughout the network. Joe says he will review the situation with upper management and take appropriate action.

About a week later, you ask what the next steps are and how you can help resolve the matter. Joe says, “Don’t worry about it. It’s been taken care of.” As you review the logs, however, the problem still seems to be present with unauthorized access and data leakage of sensitive documents. In the meantime, you receive an email from the government customer asking you for a report on the status of the system security. From the message, it does not appear the customer has any idea that a security breach has occurred. What should you do? Please provide a rationale for your answer.
