Department of Homeland Security employee data breached in “state-sponsored attack”

DHS employee data breached in what looks like a state-sponsored attack

US online attack. Image courtesy of ShutterstockPersonal data may well have been snatched out of the US government’s top employee background-checking firm in what officials are calling a major security breach.

The contractor, USIS, which itself found and reported the attack in August, said in a statement that the break-in “has all the markings of a state-sponsored attack.”

Government officials on Wednesday told The Washington Post that the FBI is trying to figure out how many employees were affected, though the officials said that they believed the breach was confined to employees at the Department of Homeland Security (DHS).

In its statement, USIS said that “other, relevant federal agencies” were also affected.

To stay on the safe side, the Department of Homeland Security (DHS) has suspended all work with USIS while the FBI investigates.

Ditto for the the Office of Personnel Management (OPM), “out of an abundance of caution,” a senior administration official told The Washington Post.

DHS spokesman Peter Boogaard told the newspaper that it’s working to protect its workers from any potential attacks on their privacy:

Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce [of the breach]. We are committed to ensuring our employees' privacy and are taking steps to protect it.

This is the second time since March that attackers have gone after employee information at the OPM.

As The Washington Post reported in July, the OPM – which stores detailed data on up to 5 million government employees and contractors, some of whom hold sensitive security clearances – in March detected an attack originating in China.

It wasn’t clear whether the intruders worked for the government, and it didn’t appear at the time that any personal data was stolen.

That earlier attack is thought to be unrelated to the more recent attack.

The fact that this attack was against a contractor shows how vulnerability can extend past an organization’s four walls.

Almost a year ago, John Hawes asked if contractors were the weak link in the security chain.

Everyone we do business with, share data with, outsource operations to, sell things to or buy things from forms a part of our own security chain. A breach at any point in the chain can have an impact on the privacy and integrity of our data.

If you use contractors in your business, make sure you demand the same levels of security from all of them that you maintain yourself.

Image of US in binary and US cyber attack courtesy of