[BreachExchange] Sensitive personal information of 246, 000 DHS employees found on home computer

Inga Goddijn inga at riskbasedsecurity.com
Thu Nov 30 09:16:45 EST 2017 

https://www.usatoday.com/story/news/politics/2017/11/28/sensitive-personal-information-246-000-dhs-employees-found-home-computer/901654001/

H/T to infowarrior.org for this post.

The sensitive personal information of 246,000 Department of Homeland
Security employees was found on the home computer server of a DHS employee
in May, according to documents obtained by USA TODAY.

Also discovered on the server was a copy of 159,000 case files from the
inspector general's investigative case management system, which suspects in
an ongoing criminal investigation intended to market and sell, according to
a report sent by DHS Inspector General John Roth on Nov. 24 to key members
of Congress.

The information included names, Social Security numbers and dates of birth,
the report said.

The inspector general's acting chief information security officer reported
the breach to DHS officials on May 11, while IG agents reviewed the details.

.Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected
employees who were employed at the department through the end of 2014 about
the breach.

The department's office of privacy is completing the details of the notices
to those affected.

"All potentially affected individuals will be offered an 18-month
subscription to credit monitoring services," the report says.

Officials at Office of Inspector General, which acts as an internal
watchdog at DHS, said in a statement provided to USA TODAY that "DHS is
coordinating notice to the affected individuals and we are working closely
with DHS to accomplish this."

"The responsible individuals are no longer on the OIG payroll," the
statement said.

Other agencies have suffered serious data breaches in recent years. In June
2015, the personal information of about 21.5 million people was leaked in a
breach at the Office of Personnel Management.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171130/e7e9517c/attachment.html>

More information about the BreachExchange mailing list