Thousands of DHS Personnel Notified of Data Breach

Thousands of DHS Personnel Notified of Data Breach

by Anne Saita   May 23, 2013, 9:45PM

http://threatpost.com/thousands-of-dhs-personnel-notified-of-data-breach/

The Department of Homeland Security this week began notifying up to tens of thousands of employees, contractors and others with a DHS security clearance that their personal data may be at risk.

The notifications began on Monday, according to an online statement, after officials learned of a vulnerability in software used by a vendor to process personnel background investigations. The security vulnerability apparently has existed since July 2009 and the exposed data includes names, Social Security numbers and dates of birth. The security hole was sealed immediately.

“While there is no evidence that any unauthorized user accessed any personally identifiable information, [but] out of abundance of caution, DHS is alerting employees and individuals who received a DHS clearance of the potential vulnerability and outlining ways that they can protect themselves, including requesting fraud alerts and a credit report,” the agency said.

Those impacted include employees and contractors who submitted background investigation information and anyone else seeking a DHS clearance between July 2009 and May 2013, especially applicants or employees at headquarters, Customs and Border Protection and Immigration and Customs Enforcement.

It was a law enforcement partner who alerted the DHS to the vulnerability in the vendor’s database software. Although DHS does not name the vendor it did say it has issued a “stop work and cure order” and is looking into legal recourse to be financially compensated for damages related to the breach.

Although DHS did not indicate how many people were at risk, a report from Federal News Radio said tens of thousands were potentially impacted.

The agency stressed in the alert that there’s no evidence the sensitive data was illegally accessed. It also mentions that answers to a security questionnaire required of DHS workers, applicants and affiliates were still secure.

==========================================

(F)AIR USE NOTICE: All original content and/or articles and graphics in this message are copyrighted, unless specifically noted otherwise. All rights to these copyrighted items are reserved. Articles and graphics have been placed within for educational and discussion purposes only, in compliance with "Fair Use" criteria established in Section 107 of the Copyright Act of 1976. The principle of "Fair Use" was established as law by Section 107 of The Copyright Act of 1976. "Fair Use" legally eliminates the need to obtain permission or pay royalties for the use of previously copyrighted materials if the purposes of display include "criticism, comment, news reporting, teaching, scholarship, and research." Section 107 establishes four criteria for determining whether the use of a work in any particular case qualifies as a "fair use". A work used does not necessarily have to satisfy all four criteria to qualify as an instance of "fair use". Rather, "fair use" is determined by the overall extent to which the cited work does or does not substantially satisfy the criteria in their totality. If you wish to use copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml

THIS DOCUMENT MAY CONTAIN COPYRIGHTED MATERIAL. COPYING AND DISSEMINATION IS PROHIBITED WITHOUT PERMISSION OF THE COPYRIGHT OWNERS.