Report: Breach Hit 25,000 Govt. WorkersBackground Check Firm Breach Exposed U.S. Agency Staff Info
Personal data of 25,000 government employees was likely compromised in the cyber-attack against U.S. Investigations Services, which conducts background checks for the Department of Homeland Security and other agencies, Reuters reports.
Two government officials familiar with the investigation told Reuters the data breach exposed personal information of workers at DHS headquarters as well as its U.S. Immigration and Customs Enforcement and U.S. Customs and Border Protections units. Some of those affected are undercover investigators, according to the news report.
In early August, USIS said it identified a cyber-attack on its corporate network. "Experts who have reviewed the facts gathered to date believe it has all the markings of a state-sponsored attack," the company said (see: Background Check Firm Hit by Breach). But USIS did not state how many government workers were affected.
In an updated statement on its website, USIS says it continues to work closely with federal law enforcement authorities and an independent computer forensics investigations firm on the investigation. "In the event we determine that an individual's personally identifiable information was accessed by the attacker, USIS will notify that individual directly and offer that person credit monitoring, identity protection and other support services," the firm says.
DHS did not immediately respond to a request for additional information. USIS declined to comment on the investigation.
More Notifications to Come?
One DHS official told Reuters that the agency had identified 25,000 employees whose information it believed to have been exposed in the breach. "More could be notified in coming weeks as we learn more about the breach," the official told the news outlet.
Some affected individuals already received notification letters from USIS, stating that the compromised information includes Social Security numbers, education and criminal history, and birth dates, along with information about spouses, other relatives and friends, including their names and addresses, Reuters reports.
The Office of Personnel Management is working closely with US-CERT and the Federal Bureau of Investigation to determine the impact of the breach to OPM and its agency partners. "Out of abundance of caution, we are temporarily ceasing field investigative work with USIS," Jackie Koszczuk, communications director at OPM, told Information Security Media Group Aug. 7. "This pause will give USIS time to work with US-CERT and OPM to take the necessary steps to protect its systems."