A multiagency team is working to determine how many DHS employees may have been affected by the cyber attack. (JIM WATSON/AFP)
The Department of Homeland Security has suspended background checks and most contracts with contractor USIS after a cyber attack may have accessed the personal information of DHS employees.
Peter Boogaard, a DHS spokesman, would not confirm the identity of the contractor but said that a multiagency cyber response team is working to identify the scope of the attack and how many employees were affected.
He said the agency has determined that some DHS personnel have had their personal information compromised and the agency has notified its entire workforce to monitor their financial accounts for suspicious activity.
“As we continue to investigate the nature of this breach on an urgent basis, we will be notifying specific DHS employees whose [personally identifiable information] we can determine was likely compromised.”
DHS has also stopped providing sensitive information to USIS, according to a DHS official, which means that many of its contracts are in a state of suspension.
But USIS confirmed the attack and said in a statement it was working with law enforcement to determine the extent of the attack and said that it looked to be state-sponsored.
But the company stressed that cyber crimes of this nature have become “an epidemic” that affects businesses and government agencies alike, and that the company has invested heavily in its security measures.
“We are working collaboratively with [Office of Personnel Management] and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack,” the company said.
An Aug. 6 email to DHS employees said the agency discovered a vulnerability in the contractor’s system and that it was accessible to unauthorized users.
“The department takes seriously its responsibility to safeguard personal information and will continue to aggressively investigate and work with the contractor to remediate this vulnerability,” DHS said in the email.
This is not the first time the contractor has found itself in hot water recently. The Justice Department filed a lawsuit against USIS in January, accusing the company of delivering at least 665,000 background investigations from March 2008 through September 2012 that failed to undergo contractually required initial quality reviews.
DHS has also come under fire from lawmakers for awarding USIS a $190 million contract to the company. The DHS division awarded a new contract to USIS on July 1, worth up to $190 million to provide field office support services related to the operation of the DHS immigration system, according to the lawmakers in the letter.
Sen. Tom Carper, D-Del., said the latest attack is deeply troubling and underscores the scary reality of how much of a target sensitive information has become and that Congress needs to reform laws to better combat cyber attacks.
He said Congress should pass the Federal Information Security Modernization Act of 2014, which would move agencies to real-time security automated security measures, delineate agency roles in combating cyber threats and put greater oversight attention toward data breaches.
“This legislation will enhance federal agencies’ ability to fend off 21st century threats — and as we were reminded today, we cannot afford more delay on this issue,” Carper said in a statement.■