DHS has announced it recently learned of a vulnerability that existed in the software used by a DHS vendor to process personnel security investigations that potentially puts at risk personally identifiable information for Customs and Border Protection and Immigration and Customs Enforcement employees.
Employees and contractors in those agencies who received a DHS clearance from July 2009 to May 2013, primarily for positions at DHS HQ, CBP and ICE, may have had Social Security numbers, names and dates of birth compromised – however, there is no evidence that any of the information was accessed by unauthorized persons.
A DHS vendor recently alerted the department that an "unauthorized user" had access to a system it uses to gather and stores sensitive personal information for background investigations.
The vulnerability has been addressed and DHS has issued a stop work order with the vendor and is working to alert those affected.
