The U.S. reported a discovery of 246,000 sensitive personal records belonging to Department of Homeland Security (DHS) employees on a home computer owned by an employee. The department and its employees have a vital mission to “secure the nation from the many threats” the U.S faces.
One can only wonder if they ever suspect their own colleague to be a major security threat to their personal lives…
This, let’s face it, is the kind of thing we do not want to hear about. Although this story hails from across the pond, we’ve had our own issues of a similar nature of course. The Heathrow USB stick incident springs to mind.
The Homeland Security data breach included personal details such as:
- Names
- Social security numbers
- Dates of birth
That can be enough to commit some form of fraud, but we should also address the fact that knowledge of employee identities in the hands of an enemy of America could be very dangerous indeed. Even small pieces of information can go a long way in doing damage.
A report detailing the breach and the consequent investigations was relayed to key members of Congress by DHS Inspector General John Roth. Roth explained that, during the investigation, the computer server also contained a copy of 159,000 case files from the inspector general’s investigative case management system.
The breach was discovered and reported to the DHS on 11th May 2017. On 21st August the Deputy Secretary of Homeland Security Elaine Duke notified affected employees; a delay that was possibly due to concerns over national safety.
Roth’s report notes state that, after notifying the data subjects, “all potentially affected individuals will be offered an 18-month subscription to credit monitoring services.”
Officials from the Office of Inspector General (OIG) stated that “DHS is coordinating notice to the affected individuals and we are working closely with DHA to accomplish this.” The OIG acts as an internal watchdog and will hopefully review how the employee(s) managed to access so much information at home. To say that this is the department entrusted with the security of one of the most powerful countries on earth, you would think they would have super strict security protocols preventing anyone from working at home or risk so much confidential information.
According to an official statement, the responsible employee is no longer on the Office of Inspector General’s payroll. Some sources are saying that three insiders stole the computer server in order to develop “proprietary software for managing investigative and disciplinary cases,” to be sold to the other IG offices.
Only last year, 9,000 DHS employees had their personal data dumped online by a hacker. A criminal hacker reportedly breached the Department of Justice’s security walls and stole 200GB of information and threatened to leak 20,000 records belonging to FBI employees.