DHS confirms data breach affecting more than 240,000 current and former employees
The Department of Homeland Security has notified more than 240,000 current and former employees of a data breach that was discovered as part of a criminal investigation into the actions of a former staff member of the Office of the Inspector General.
In a letter sent to affected employees on Wednesday, DHS says an unauthorized copy of its investigative case management system was found in the possession of a former DHS OIG employee. The department says the data included information on “approximately 247,167 current and former federal employees that were employed by DHS in 2014.”
The agency says the breach, which it categorizes as a “privacy incident,” did not stem from an external cyberattack.
The exposed data also included information on “subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014.”
The breached data was not exposed to malicious activity, DHS said.
Despite learning about the breach in May, DHS did not begin notifying affected employees until November. The agency says this was due to “a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed.”
“The investigation was complex given its close connection to an ongoing criminal investigation,” a notice posted on the DHS website reads. “These steps required close collaboration with law enforcement investigating bodies to ensure the investigation was not compromised.”
DHS did not say why the former OIG employee was under investigation.
The information in the file includes names, Social Security numbers, dates of birth, positions, grades and duty stations. The agency says it “did not include any information about employees’ spouses, children, family members and/or close associates.”
Those affected have been offered 18 months of free credit monitoring and identity protection services through AllClear ID.