Login.gov

The US government's Login.gov identity verification system is at risk due to inadequate backup testing policies. The GAO reported that while Login.gov backs up its data, it hasn't fully established or implemented policies to test these backups. This oversight could lead to complete data loss in the event of a breach, severely impacting the system's core services. The issue is compounded by an understaffed security engineering team and other technical challenges, which have forced federal agencies to rely on third-party identity proofing services, costing around $209 million between 2020 and 2023.

Source: https://www.theregister.com/2025/06/04/login_gov_backup_testing_insufficient_gao/

TPRM report: https://scoringcyber.rankiteo.com/company/usajobs

"id": "usa419060625",
"linkid": "usajobs",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Government',
                        'location': 'United States',
                        'name': 'Login.gov',
                        'type': 'Government Service'}],
 'date_publicly_disclosed': '2025-06',
 'description': "The US government's Login.gov identity verification system is "
                'at risk due to inadequate backup testing policies and '
                'procedures. The system has not demonstrated that its backup '
                'data is sufficient to restore functionality in case of a '
                'catastrophic attack.',
 'impact': {'operational_impact': ['Potential complete loss of data',
                                   'Negative impact on core services'],
            'systems_affected': 'Login.gov'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': ['GSA to fully implement and '
                                                   'demonstrate the '
                                                   'effectiveness of the '
                                                   'backup testing policy'],
                            'root_causes': ['Understaffed security engineering '
                                            'team',
                                            'Lack of full backup testing '
                                            'policy implementation']},
 'recommendations': ['GSA to implement and demonstrate the effectiveness of '
                     'the backup testing policy'],
 'references': [{'date_accessed': '2025-06',
                 'source': 'US Government Accountability Office'}],
 'regulatory_compliance': {'regulations_violated': 'National Institute of '
                                                   "Standards and Technology's "
                                                   'IAL2 identity proofing '
                                                   'standards'},
 'response': {'remediation_measures': ['GSA established a policy for testing '
                                       'backup data']},
 'title': 'Login.gov Backup Testing Policy Deficiency',
 'type': 'Policy Deficiency',
 'vulnerability_exploited': 'Inadequate backup testing policy'}