Cybersecurity

25,000 affected by USIS breach

cyber attack button

The contractor that does background checks for the Department of Homeland Security has notified DHS that as many as 25,000 federal employees may be affected by a security breach at the company earlier in August, according to reports.

Department officials told Reuters on Aug. 22 that it plans to notify over the coming days approximately 25,000 employees that they may be "impacted" by the computer breach at Falls Church, Va.-based U.S. Investigations Services over the coming days.

USIS, a major provider of background checks for DHS and other federal agencies, said Aug. 6 that it suffered a data breach that "has all the markings of a state-sponsored attack." The firm said it spotted the attack on its own and notified the Office of Personnel Management and other agencies right away. USIS has hired a computer forensics firm to investigate the incident.

At the time of the initial announcement by USIS, neither the company nor DHS specified the scale of the theft of employees' personal information.

DHS has suspended work with USIS until security is restored.

Some members of Congress have questioned why USIS is still being awarded federal contracts after the Justice Department joined a civil lawsuit in January alleging the firm left at least 665,000 background checks incomplete over a 4 1/2-year period. Rep. Elijah Cummings (D-Md.) and Sen. Tom Coburn (R-Okla.) sent a letter last month to DHS Secretary Jeh Johnson questioning the wisdom of awarding USIS a potentially $190-million contract with Citizenship and Immigration Services.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

Featured

Reader comments

Mon, Aug 25, 2014 Joe D Chantilly, VA

The former USIS investigator seems to be a disgruntled former employee. While I have no direct connection to USIS I fail to connect the dots here. What does being hacked (and self reporting) have to do with golden parachutes and going to jail? The focus should be on hackers, especially if it turns out to be a hostile foreign Government. They are the ones who should be going to jail, but we cant find out who it is. Lets remember that the same person who created USIS was the one who invented the internet. When Al Gore did that why didn't he incorporate security into it before offering it up to the world? How many Billions has that cost us? And how much privacy have we lost?

Mon, Aug 25, 2014

I wonder how much of the data breech was due to government requirements and how much was due to using standard procedures like requiring Microsoft software and how much due to plain stupidity.

I do not have any relationship to USIS (unless they did my last background), but I have to wonder if someone is out to "get" the company? After all, look at all the governmental data breeches which have occurred that have made some hoop-la on the media, then it is business as usual with some new procedures tossed on top of the old. And what about the Chinese penetration of even the vaunted CAC card system?

Sat, Aug 23, 2014 Former USIS Investigator

How long is the criminal behavior going to be allowed to continue and at what ultimate cost to the american people? Questioning and writing letters and filing civil suits is just more kicking the can down the road. This is the same old lack of accountabilty dog and pony show we are all getting very tired of. I want to see USIS executives serving long prison sentences in fort collins at the federal supermax and having their million dollar golden parachute payouts when they were "fired" from USIS taken away and given back to the american people.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above