[BreachExchange] Homeland Security Data Breach Affects 240, 000 Federal Employees, Plus Witnesses and Interviewees

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jan 4 18:57:12 EST 2018


The Department of Homeland Security (DHS) on Wednesday confirmed a data
breach involving the personally identifiable information of more than
240,000 current and former DHS employees.

The agency disclosed few details about how the information was compromised,
though it stressed that the data was not stolen in a cyberattack, nor was
it exposed to malicious activity. Instead, the files were discovered in the
possession of a former DHS Office of Inspector General (OIG) employee
during an ongoing criminal investigation last May, the agency said.

The identity of the former employee was not disclosed, and the focus of the
criminal investigation is unknown.

DHS employees whose information had been compromised—names, Social Security
numbers, dates of birth, positions, grades, and duty stations—received
notification letters today, the agency said.

Why did it take roughly seven months to notify the affected employees? “The
investigation was complex given its close connection to an ongoing criminal
investigation,” the agency said on its website. “From May through November
2017, DHS conducted a thorough privacy investigation, extensive forensic
analysis of the compromised data, an in-depth assessment of the risk to
affected individuals, and comprehensive technical evaluations of the data
elements exposed.”

According to DHS, in addition to employee data, a wealth of investigative
data was also put at risk. Those files include information on “subjects,
witnesses, and complainants who were both DHS employees and non-DHS
employees.” The amount of personally identifiable information in the
investigative records “varies for each individual depending on the
documentation and evidence collected for a given case,” DHS said.

The data compromised belonging to “non-DHS employees” (meaning, presumably,
private individuals) may include: Social Security numbers, alien
registration numbers, dates of birth, email addresses, phone numbers,
residential addresses, as well as any “personal information provided in
interviews” to DHS Office of Inspector General agents between 2002 and 2014.

For DHS employees at least, the files did not include any information about
employees’ spouses or other family members.

While DHS employees have been notified directly regarding the breach,
anyone who has reason to believe their information may have been included
in the compromised investigative files have been encouraged to contact
AllClear ID (855-260-2767 <(855)%20260-2767>) to receive information about
credit monitoring and identity protection services.

At the time of the breach, retired USMC General John F. Kelly was chief of
DHS. He now serves as President Donald Trump’s chief of staff. Trump’s
former deputy chief of staff, Kirstjen Nielsen, took over as head of DHS
last month.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180104/a0c793d7/attachment.html>

More information about the BreachExchange mailing list