Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Data breach puts DHS employees at risk of identity theft
Wednesday - 5/22/2013, 4:05pm EDT
All DHS employees working in the headquarters office, for Customs and Border Protection, and for Immigration and Customs Enforcement from 2009 to 2013 are the most affected, according to an internal notice sent to employees, which was obtained by Federal News Radio and confirmed by a DHS spokeswoman.
"As a result of this vulnerability, information including name, Social Security numbers (SSN) and date of birth (DOB), stored in the vendor's database of background investigations was potentially accessible by an unauthorized user since July 2009," the internal notice stated.
A DHS spokeswoman emphasized there is no evidence that any employee data was stolen or lost.
"The department takes its responsibility to safeguard personal information seriously," the spokeswoman said by email. "At the direction of DHS, the vulnerability was immediately addressed. While there is no evidence to suggest that any information was inappropriately accessed, out of abundance of caution, notifications to potentially affected employees began today, outlining ways that they can protect themselves, including requesting fraud alerts and credit reports. DHS is evaluating all legal options while engaging with the vendor to pursue all available remedies."
DHS said it found out about the breach from a law enforcement partner and is investigating if the vendor had any data stolen. The agency says, "The software vulnerability did not permit access to the actual Standard Form 86, which contains information provided about other individuals for the investigatory process."
DHS didn't say who the vendor is, but did say in a set of frequently asked questions on its website that CBP "issued a stop work and cure notice to the vendor based on its contract. DHS is evaluating all legal options and is engaged with the vendor's leadership to pursue all costs incurred mitigating the damages."
DHS suffered another contractor cybersecurity problem in 2007 when congressional investigators said Unisys failed to secure unclassified computers at headquarters and the Transportation Security Administration.
Last year, a hacker group called Digital Corruption stole information from users in the Transportation Worker Identification Credential database, according to Dark Reading.
DHS is not alone in their struggles to secure information. The Government Accountability Office found in a July 2012 report that agencies reported more than 15,000 data breaches in 2011, up 19 percent from 2010.