25,000 affected by USIS breach

The contractor that does background checks for the Department of Homeland Security has notified DHS that as many as 25,000 federal employees may be affected by a security breach at the company earlier in August, according to reports.

Department officials told Reuters on Aug. 22 that it plans to notify over the coming days approximately 25,000 employees that they may be "impacted" by the computer breach at Falls Church, Va.-based U.S. Investigations Services over the coming days.

USIS, a major provider of background checks for DHS and other federal agencies, said Aug. 6 that it suffered a data breach that "has all the markings of a state-sponsored attack." The firm said it spotted the attack on its own and notified the Office of Personnel Management and other agencies right away. USIS has hired a computer forensics firm to investigate the incident.

At the time of the initial announcement by USIS, neither the company nor DHS specified the scale of the theft of employees' personal information.

DHS has suspended work with USIS until security is restored.

Some members of Congress have questioned why USIS is still being awarded federal contracts after the Justice Department joined a civil lawsuit in January alleging the firm left at least 665,000 background checks incomplete over a 4 1/2-year period. Rep. Elijah Cummings (D-Md.) and Sen. Tom Coburn (R-Okla.) sent a letter last month to DHS Secretary Jeh Johnson questioning the wisdom of awarding USIS a potentially $190-million contract with Citizenship and Immigration Services.