The hacks just keep on coming – and it seems like government agencies are now just as likely to be targets as corporations.
Late last week, the FBI said it was investigating a major cyber breach at the US government’s human resources arm that might have affected up to 4 million current and former federal employees.1
According to the Financial Times, the FBI said the breach happened at the Office of Personnel Management, which processes security clearances for federal employees and contractors. The OPM said it would send out notices to the millions of people whose personal identification information might have been exposed, the report said.
The OPM has personnel files on employees working at nearly every federal agency. The Department of Homeland Security said that data from the Department of the Interior was also compromised.
As the FT noted, the hacking incident is just the latest in a series of major breaches in the US government, with the White House, the State Department and others reporting cyber intrusions in the past year.
Late last month, the Internal Revenue Service said criminals used stolen data to gain access to past tax returns of more than 100,000 people through an application on the agency’s website.2
Using Social Security numbers, birth dates, street addresses, and other personal information obtained elsewhere, the criminals completed a multistep authentication process and requested the tax returns and other filings, the IRS said.
Information from those forms was used to file fraudulent returns, the IRS said, and the agency sent nearly $50 million in refunds before it detected the scheme.
As the New York Times pointed out, security and tax experts have warned that the IRS breach might be a prelude to more targeted schemes aimed at duping taxpayers into handling millions of dollars over to criminals or to help thieves circumvent the agency’s security filters next year and beyond.
While the future of data breaches looks frighteningly uncertain at best, it may be more sanguine for investors in cyber security stocks, which, as a group, have rallied as corporate and governmental data breaches keep making headlines.
The Cyber Security motif has gained 48.5% over the past 12 months. In that same period, the S&P 500 has increased 6.7%.
Over the past month, the motif has risen 6.2%; the S&P 500 is down 1%.
Writing for TheStreet.com’s Real Money, Adam Sarhan reported the fundamental case for cyber security is very strong. Citing a piece in Forbes, Sarhan wrote that one study showed that total worldwide costs for data breaches topped several-hundred-million dollars in 2014 and is “growing at an astronomical rate.”3
For Sarhan, this could signal a huge opportunity for cyber-security firms. The threat is worldwide rather than limited to one country, and most cyber-security companies offer subscription services that generate recurring revenue rather than one-time payments. In addition, Sarhan wrote, “cyber-security threats are also here to stay regardless of what happens with the Fed, the broader economy, or almost any other factor that can adversely affect stocks.”
Sarhan also believes the sector is fragmented and ripe for consolidation — think of airlines 10 years ago.
That could translate to older and larger tech names entering the space and buying a few of the emerging players, or forcing a few small players to merge for strategic reasons.
1Gina Chon and Hannah Kuchler, “Hackers in China suspected over US breach,” ft.com, June 5, 2015.
2Patricia Cohen, “I.R.S. Data Breach May Be Sign of More Personalized Schemes,” nytimes.com, May 27, 2015, http://www.nytimes.com/2015/05/28/business/irs-data-breach-may-be-sign-of-more-personalized-schemes.html, (accessed June 8, 2015).
3Adam Sarhan, “Cyber-Security Stocks Look Like Safe Bet,” thestreet.com, May 22, 2015, http://realmoney.thestreet.com/articles/05/22/2015/cyber-security-stocks-look-safe-bet, (accessed June 8, 2015).