A security breach at the U.S. Department of Homeland Security (DHS) has compromised the data of nearly 25,000 agency employees.
An agency official revealed on Friday, August 22, that computer systems of US Investigations Services (USIS), the firm which performs background checks for the DHS, were hacked. The compromised data includes details on some of the agency's undercover investigators as well.
Alarmingly, the number of those affected by the cyber hacking may increase per the official.
For the unfamiliar, with an employee strength of over 5,700, USIS is the largest commercial provider of background checks to the government. The firm provides its services in both U.S. and abroad.
Earlier in August, Virginia-based USIS revealed that its systems' security had been breached. However, the firm did not disclose the number of records containing highly-sensitive personal data that had been compromised. USIS, however, let on that the breach had "all the markings of a state-sponsored attack."
Two officials revealed to Reuters that the security breach has exposed information on employees at the DHS' headquarters, the U.S. Customs and Border Protection and the U.S. Immigration and Customs Enforcement.
Reportedly, some of the employees have got letters to the effect which cautions them about the security breach. The compromised data is said to include the employees' education and criminal history, Social Security number, date of birth, as well as information on spouses, family, friends -- including their address and names.
"Records including this data were exposed to unauthorized users during the cybersecurity intrusion," reveals the notification letter obtained by Reuters. "We do not yet know whether the data was actually taken."
The breach is quite concerning as the hacked data contains sensitive information which may be misused if it falls in the wrong hands. Foreign intelligence agencies for instance may try to exploit the data to threaten government employees who had access to classified materials.
The intrusion is being investigated by the FBI. The DHS has also advised employees whose files have been compromised thanks to the hacking to keep checking their financial accounts for any suspicious activity.
Since the security breach, the DHS has halted all work with USIS "out of an abundance of caution." At this juncture, it is not known who is behind the cyber-hacking.