DHS has sent notices to nearly 250,000 of its employees that a database used by its IG’s office has been compromised, putting at risk personally identifiable information including names Social Security numbers, dates of birth, positions, grades and duty stations.
During an investigation, the IG discovered that an unauthorized copy of its investigative case management system was in the possession of a former IG employee, DHS has said.
Potentially affected are those employed by DHS in 2014 – the IG used the data to conduct identity confirmation during the complaint and investigative process – and those who were associated with an IG investigation from 2002 through 2014. In those cases, additional information could be included, including email addresses, home addresses and information provided to the IG’s office.
DHS is offering 18 months of free credit monitoring and identity protection services; the notices include instructions on how to register. It also said it “is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns.”
Many current and former DHS employees, as well as those of other agencies, already are eligible for similar services due to the breach of OPM’s central federal personnel file and its background investigation database. There have been a number of other breaches of employee information held by other individual agencies, as well, but unlike those, the DHS breach was not the result of a cyber attack.