SpyCloud for Government Agencies

Federal agencies in the United States experienced more than 28,000 cyber incidents in 2019. In 2020, with COVID-19 shuttering most federal offices, attacks skyrocketed. Seventeen million government records were leaked in Q1 alone, and it didn’t let up; by December, at least 18,000 U.S. government and private networks had been infiltrated. It will take years – and upwards of $100 billion in taxpayer money – to know how to gain control and repair the damage caused by one of the most severe hacks targeting government networks and businesses in modern history.

For government agencies, the exposure of networks and sensitive data carries implications far too great to risk falling victim to account takeover. With access to vital breach data, SpyCloud provides the critical difference in proactively protecting our infrastructure, national security, and customers of government services.

Continuous monitoring with SpyCloud


Password reuse rate for .gov emails found in data breaches in 2020


#1 password associated with government emails in 2020 data breaches


YOY increase in leaked government records from Q1 2019 to Q1 2020

Leverage Breach Data for National Security

Employees of government agencies are as guilty as everyone else of the poor online habits and weak password hygiene that are the leading criminal gateways. As a result, there has been a massive uptick in credential exposures from government-affiliated organizations in recent years. This not only has the potential to cost taxpayers billions of dollars in clean-up – it also threatens our national security.

We might not be able to change rampant password reuse, but SpyCloud has built the industry’s fastest and most innovative approach for detecting and preventing the attacks that stem from human behavior. The SpyCloud platform is built on three pillars:

  • Early detection
  • Access to the largest repository of breach data possible
  • Dedicated human intelligence (HUMINT)

– Armando Ordonez, CEO of CyberDefenses

SpyCloud Helps U.S. Government Agencies:

Remediate Cyber Incidents Faster

Government agencies take a long time to remediate attacks. Having access to just-breached data is the critical difference between your organization falling victim to account takeover or not. Other solutions are time-consuming, resource-intensive, and often can’t deliver breach data until it’s too late. SpyCloud typically ingests data within days of the breach occurring.

Accurately Verify User Identity

Simply verifying the information entered by a user is an incomplete identity verification process. Given the vast number of data breaches and leaks, traditional identity verification does not take into consideration the prospect of the user’s credentials and PII being exploited to perpetrate fraud such as ATO or synthetic identities.

SpyCloud delivers intelligence on the most vulnerable user credentials and reused passwords susceptible to exploitation. The API seamlessly blends into existing automated identity verification processes for real-time logins and account creations, or it can be used as an offline batch process.

Detect Botnet Infected Users

SpyCloud is the only source of botnet-infected user machine records. This is critical because botnets are notoriously evasive and dangerous. In one instance of SpyCloud’s effectiveness in this area, a government agency was the target of a credential stuffing attack. When their legacy solution failed to detect exposed credentials at the percentage they expected, SpyCloud was able to provide a file of 6,500 botnet-infected user machines linked to their domains. Our results revealed that 85% of these 6,500 botnet-infected user machine records had a direct credential match (email address and plaintext password) to active accounts.

Using the potential cost of the identity theft prevention services for these botnet infected machines, the agency calculated their “avoided cost” at $552,500.


Protect Customers of Government Online Services from Fraud

Government agencies make especially good targets due to the sheer amount of personally identifiable information (PII) stored in their systems and the amount of money that can be gained from siphoning funds, rerouting government benefits, and stealing taxpayers’ private information to leverage themselves or sell on the dark web.

Protect Your Agency’s Supply Chain

Government work relies on partnerships with private businesses, but those outside organizations are also vulnerable to attack – which in turn puts the government agency at risk. SpyCloud recently examined Aerospace & Defense companies in the Fortune 1000 and found more than 1.1 million plaintext employee corporate email and password combinations available for criminals to use, and 79% of those employees reusing passwords across multiple accounts. That is a huge amount of risk for agencies doing business with these contractors to assume.

SpyCloud Third Party Insight makes it easy to manage risk from DIB contractors. Continuous breach monitoring identifies when your vendors are compromised. You can then share the affected third party vendor’s exposed data directly with them so they can take steps to lock down accounts before criminals can exploit them. In the meantime, you can choose to limit access to your data until they have taken remediation action.

Backed by HUMINT

No other solution on the market has a human intelligence team solely focused on recovering breach data as soon as possible after a breach occurs. Because the SpyCloud HUMINT team works tirelessly to engage covertly with bad actors, SpyCloud’s massive database of actionable open source intelligence (OSINT) includes data criminals have stolen via data breaches and through botnet infections.

Additional Resources

Credential-Stealing Malware: Remediation Guide for Government Security Teams

Learn what swift actions you can take to help prevent data theft from keylogger malware infections.

Preventing Cyberattacks in Government Supply Chains

Stolen credentials remain the #1 hacking tactic used to perpetrate data breaches. DIB suppliers must take strong measures to secure credentials and meet CMMC requirements.

U.S. Government Credential Exposure Report

The prevalence of password reuse and loose credential security protocols are gifts to cybercriminals that expose the U.S. to significant risks.

Protect your agency, employees and suppliers from account takeover.