Cybersecurity

DHS suspends work with USIS after cyberattack

Shutterstock image: checking documents.

U.S. Investigations Services, a major provider of background checks for the Department of Homeland Security, suffered a data breach that "has all the markings of a state-sponsored attack," the firm said Aug. 6.

The cyberattack, the scale of which is still unclear, might have resulted in the theft of DHS employees' personal information, an agency spokesman said. DHS has stopped working with USIS until security is restored.

"As we continue to investigate the nature of this breach on an urgent basis, we will be notifying specific DHS employees whose PII [personally identifiable information] we can determine was likely compromised," DHS spokesman Peter Boogaard said.

Falls Church, Va.-based USIS describes itself as the federal government's largest private provider of background checks. The firm said it spotted the attack on its own and notified the Office of Personnel Management and other agencies right away. USIS has hired a computer forensics firm to investigate the incident.

DHS and the FBI are part of a cross-agency group responding to the breach, Boogaard said. "Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce … to advise them to monitor their financial accounts for suspicious activity."

USIS handled background checks for Navy Yard shooter Aaron Alexis and National Security Agency contractor-turned-leaker Edward Snowden. Some senior lawmakers have questioned why USIS is still being awarded federal contracts after the Justice Department joined a civil lawsuit in January alleging the firm left at least 665,000 background checks incomplete over a 4 1/2-year period. Neither Alexis' nor Snowden's investigation is a subject of the lawsuit.

Rep. Elijah Cummings (D-Md.) and Sen. Tom Coburn (R-Okla.) sent a letter last month to DHS Secretary Jeh Johnson questioning the wisdom of awarding USIS a potentially $190-million contract with Citizenship and Immigration Services.

Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper (D-Del.) said the newly discovered USIS breach "underscores the scary reality of how much of a target our sensitive information has become in cyberspace. It also shows how urgent it is that we reform our laws to better combat attacks from malicious actors."

Carper said that legislation to update the Federal Information Security Modernization Act, recently approved by his committee, would help "modernize our antiquated, inadequate federal cyber policies."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Fri, Aug 8, 2014

I wonder how long the investigation could last? The government is probably seriously rethinking the contracts.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group