A new alarming development has revealed that sensitive information of about twenty five thousand employees of the US Department of Homeland Security was hacked. The officials of DHS said that the data breach occurred through USIS, US Investigations Services, that is responsible for background checks and security clearances of DHS employees was hacked by what USIS is claiming to be a “state-sponsored attack”.
According to data revealed to Reuters by officials, highly sensitive information of employees working at DHS headquarters, undercover investigators, U.S. Customs and Border Protection as well as U.S. Immigration and Customs Enforcement came under attack. However, whether the data was actually stolen or not, remains in question.
The targeted information seems to include employment and criminal record, social security numbers, date of birth, name and addresses of their spouse, family and friends have also been revealed. DHS has already informed their employees of this data breach through letters. However, both the government and USIS remain tight lipped regarding the identity of the foreign country that has sponsored the attack. FBI, US Computer Emergency Response Team, an internal department of DHS and various other federal agencies are currently investigating the data breach and all activity of DHS and Office of Personnel Management done through USIS has been halted until the investigation is over.
DHS spokesperson Peter Boogaard made a statement by saying that “Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” and also assured that “we (DHS) are committed to ensuring our employees’ privacy and are taking steps to protect it.”
USIS, which has an employee strength of about 5700 is the largest provider of security clearance and background checks for US government. Out of almost 5 million government employees half of the security clearances are done through private contractors and USIS is responsible for almost half of the background checks. The firm has been under controversy lately when Congress criticized its performance for conducting security clearance for Edward Snowden, former system analyst of the National Security Agency who recently defected to Russia, and Aaron Alexis, an employee of a military contractor who shot twelve people in 2013.
The DHS security breach was preceded by news of 1.2 billion user name and password hack that was reported by Hold Security. According to Hold Security the data breach was committed by a Russian crime ring also said that five hundred million email addresses were taken through 42000 websites across the internet. Alex Holden the founder of the company remarked that “Hackers did not just target US companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites…. and most of these sites are still vulnerable.”