On Aug. 2, Department of Homeland Security officials revealed that the agency’s contractor for conducting security clearance background checks had been hacked, and an unknown number of DHS employees’ personal data from those investigations had been stolen—potentially by a state-sponsored hacker. Now the DHS has a handle on how many records were stolen from contractor USIS: at least 25,000.
The Associated Press cites information from an unnamed DHS official, who spoke with the service under the condition of anonymity. “Homeland Security will soon begin notifying employees whose files were compromised and urge them to monitor their financial accounts,” the Associated Press’ Joce Sterman reported.
USIS is, as the Washington Post reported, the largest contract provider of background investigations to the federal government. The attack on USIS comes after the March revelation that the US Office of Personnel Management had been attacked by hackers based in China, potentially giving them access to the personal information of millions of government employees—though OPM offficials say that no personal data appeared to have been taken in the attack before it was detected.
The US Computer Emergency Response Team (US-CERT), which is part of DHS, is currently investigating the USIS breach, as are the FBI and other federal authorities. USIS was already under fire from Congress, and faces a federal whistleblower lawsuit over the alleged “dumping” of more than 600,000 background checks for security clearances—marking as complete checks that were only partially conducted. USIS was responsible for the background checks for Edward Snowden, and for Aron Alexis—the man responsible for the shootings at the Navy Yard in Washington, DC last year.