Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
25,000 DHS employees at greater risk of identity theft after hack
Monday - 8/25/2014, 4:08am EDT
About 10 percent of all Homeland Security Department employees are at a greater risk of identity theft as more and more details emerge about the cyber attack against USIS.
DHS officials say about 25,000 employees, if not more, are facing the loss of personal information. The risk to as many as 25,000 DHS workers was first reported Friday by Reuters.
DHS sent an email to employees Aug. 21 detailing the types of personal identifiable information (PII) USIS held in order to perform security clearance assessments.
"The contractor maintained records that contained personal information, including the investigation subject's first and last name, Social Security number, job title, investigation case number, education history, criminal history and employment history; spouse's name, date of birth and Social Security number; the names, addresses and dates of birth of relatives of the investigation subject; and names and addresses of friends of the investigation subject," DHS said in an email to employees, which was obtained by Federal News Radio. "This data was exposed to unauthorized users during the cybersecurity intrusion."
The intrusion occurred at USIS earlier this summer. USIS alerted DHS to the breach.
Earlier this month, USIS acknowledged the break-in, saying its internal cybersecurity team had detected what appeared to be an intrusion with "all the markings of a state-sponsored attack." Neither USIS nor government officials have speculated on the identity of the foreign government.
A USIS spokeswoman reached Friday by the Associated Press declined to comment on the DHS notifications.
USIS, once known as U.S. Investigations Services, has been under fire by Congress in recent months for its performance conducting background checks.
DHS said in its email to employees that it has stopped providing USIS with sensitive information and suspended all current background investigations by the contractor.
"Your data was included in records exposed in this intrusion, and we are unlikely to be able to determine if your data was actually taken by the intruders," DHS wrote in the email. "As a precaution, we encourage you to contact your security officer if you become aware of any contacts or other activity that could raise security concerns."
DHS is offering credit monitoring services and said more information is coming to employees this week.
"We also recommend that you consider placing a fraud alert on your credit report, as we advised in the department's August 6th message concerning this intrusion, and that you contact family members and friends whose information you listed in your background investigation materials and urge them to place a fraud alert on their credit reports and take steps to protect other sensitive information," DHS said.
Along with the email, DHS included eight frequently asked questions and answers. The FAQs offer more details about what exactly happened.
"DHS takes its responsibility to safeguard PII seriously and has taken steps to ensure that information is protected. DHS is working aggressively with the contractor to address the compromise. The contractor is cooperating in this effort," DHS said in the FAQs. "Contracts with security contractors who provide the same type of services as the contractor in question are being reviewed to ensure all necessary requirements for protecting PII are incorporated and that compliance mechanisms and incident response are included."
DHS becomes the latest in an ever-growing list of agencies and government contractors suffering cyber attacks. Deltek had its network breached in April, exposing the data of 80,000 employees of vendors that use their service.
The Energy Department suffered an attack in September 2013, where at least 53,000 employees lost PII, and the Thrift Saving Plan faced a similar attack in May 2012, where the personal information of 123,000 federal employees and retirees was compromised.
The Associated Press contributed to this report.