(Correction: DHS was directly notified by USIS about the breach. An earlier version of this story misidentified how DHS became aware of the issue.)
About 10 percent of all Homeland Security Department employees are at a greater risk of identity theft as more and more details emerge about the cyber attack against USIS.
DHS officials say about 25,000 employees, if not more, are facing the loss of personal information. The risk to as many as 25,000 DHS workers was first reported Friday by Reuters.
DHS sent an email to employees Aug. 21 detailing the types of personally identifiable information (PII) USIS held in order to perform security clearance assessments.
“The contractor maintained records that contained personal information, including the investigation subject’s first and last name, Social Security number, job title, investigation case number, education history, criminal history and employment history; spouse’s name, date of birth and Social Security number; the names, addresses and dates of birth of relatives of the investigation subject; and names and addresses of friends of the investigation subject,” DHS said in an email to employees, which was obtained by Federal News Radio. “This data was exposed to unauthorized users during the cybersecurity intrusion.”
The intrusion occurred at USIS earlier this summer. USIS alerted DHS to the breach.
Earlier this month, USIS acknowledged the break-in, saying its internal cybersecurity team had detected what appeared to be an intrusion with “all the markings of a state-sponsored attack.” Neither USIS nor government officials have speculated on the identity of the foreign government.
A USIS spokeswoman reached Friday by the Associated Press declined to comment on the DHS notifications.
USIS, once known as U.S. Investigations Services, has been under fire by Congress in recent months for its performance conducting background checks.
DHS said in its email to employees that it has stopped providing USIS with sensitive information and suspended all current background investigations by the contractor.
“Your data was included in records exposed in this intrusion, and we are unlikely to be able to determine if your data was actually taken by the intruders,” DHS wrote in the email. “As a precaution, we encourage you to contact your security officer if you become aware of any contacts or other activity that could raise security concerns.”
DHS is offering credit monitoring services and said more information is coming to employees this week.
“We also recommend that you consider placing a fraud alert on your credit report, as we advised in the department’s August 6th message concerning this intrusion, and that you contact family members and friends whose information you listed in your background investigation materials and urge them to place a fraud alert on their credit reports and take steps to protect other sensitive information,” DHS said.
Along with the email, DHS included eight frequently asked questions and answers. The FAQs offer more details about what exactly happened.
“DHS takes its responsibility to safeguard PII seriously and has taken steps to ensure that information is protected. DHS is working aggressively with the contractor to address the compromise. The contractor is cooperating in this effort,” DHS said in the FAQs. “Contracts with security contractors who provide the same type of services as the contractor in question are being reviewed to ensure all necessary requirements for protecting PII are incorporated and that compliance mechanisms and incident response are included.”
DHS becomes the latest in an ever-growing list of agencies and government contractors suffering cyber attacks. Deltek had its network breached in April, exposing the data of 80,000 employees of vendors that use its service.
The Energy Department suffered an attack in September 2013, in which at least 53,000 employees lost PII, and the Thrift Savings Plan faced a similar attack in May 2012, in which the personal information of 123,000 federal employees and retirees was compromised.