icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
4 Jan, 2018 23:05

250,000 staffers, suspects and witnesses affected by DHS data breach

250,000 staffers, suspects and witnesses affected by DHS data breach

A data breach at the Department of Homeland Security has resulted in the personal details of nearly a quarter of a million former and current employees being stolen, as well as an unspecified number of suspects and witnesses'.

The breach, which affected the DHS Office of Inspector General (OIG) Case Management System, saw the details of 247,167 current and former federal employees stolen.

This information includes personally identifiable details, like names, positions, grades, positions, social security numbers and dates of birth.

Perhaps of more concern, a second group of private individuals also had their data stolen. This group, according to the department, is “comprised of individuals (i.e., subjects, witnesses, and complainants) associated with DHS OIG investigations from 2002 through 2014 (the “Investigative Data”).

The information taken “varies for each individual depending on the documentation and evidence collected for a given case,” the department said, but it could include “names, social security numbers, alien registration numbers, dates of birth, email addresses, phone numbers, addresses, and personal information provided in interviews with DHS OIG investigative agents.”

DHS discovered the breach on May 10, 2017 but only informed employees of it Wednesday, following an investigation which was “complex given its close connection to an ongoing criminal investigation.”

The department said it wouldn’t be able to inform private citizens that their data had been stolen due to “technical limitations” which prevent it from informing “non-DHS employees.”

It did stress that the innocuously entitled “privacy incident” did not stem from a cyber-attack by external actors, and that the evidence “indicates that affected individual’s personal information was not the primary target of the unauthorized unauthorized transfer of data.”