WASHINGTON — Federal agents notified more than 3,000 US companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions.
The alerts went to companies large and small, from local banks to major defense contractors to national retailers such as Target, which suffered a breach last fall that led to the theft of tens of millions of Americans’ credit card and personal data, according to government and industry officials.
‘‘Three thousand companies is astounding,’’ said James Lewis, a cyberpolicy expert at the Center for Strategic and International Studies. ‘‘The problem is as big or bigger than we thought.’’
Advertisement
The number reflects only a fraction of the cyberintrusions into the private sector by criminal groups and foreign governments and their proxies, particularly in China and Eastern Europe. The estimated cost to US companies and consumers is up to $100 billion annually, analysts say.
The scale of notifications is an effort to ramp up the sharing of threat information by the FBI, Department of Homeland Security, and other agencies with US companies, officials say. The alerts follow a February 2013 executive order by President Obama to ‘‘increase in volume, timeliness, and quality’’ the cyberthreat information shared with the private sector.
The disclosure comes as the government struggles to pass legislation to set security standards that companies in critical sectors must follow. It also comes amid reports the National Security Agency has breached the servers of a Chinese telecommunications firm in order to learn if the company has been spying on behalf of Beijing, although agency officials say the United States does not steal corporate data to benefit US companies’ competitiveness.
In the absence of cybersecurity legislation, the government last month unveiled a voluntary framework of best practices that companies can follow to secure their computer networks. Lisa Monaco, deputy national security adviser for homeland security and counterterrorism, told industry leaders at a White House event that the government had alerted more than 3,000 companies, officials said.
Advertisement
‘‘When companies are notified that they have been victimized by malicious cyber actors, it should be a wake-up call,’’ White House cybersecurity coordinator Michael Daniel said in a statement to The Washington Post. ‘‘US businesses must improve their cybersecurity.’’
Daniel said that companies need to make ‘‘smart investments’’ in personnel and technology, and that staying on top of threats through information-sharing with government is key.
‘‘These notifications are helping to build and exercise public-private teamwork on a daily basis,’’ he said.
About 2,000 of the notifications were made in person or by phone by the FBI, which has 1,000 personnel dedicated to cyber investigations at 56 field offices and its headquarters. Some of the notifications were made to the same company for separate intrusions, officials said.