Witnesses, complainants involved with the department in the past 15 years also put at risk.
Data breaches have become so common now that anyone at any given time can suffer from them. Industries, private companies and individuals have all suffered from data breaches. As long as something has an internet connection, it can be hacked.
The Homeland Department of Security in the US suffered a data breach which saw information relating to 240,000 of its current and former employees released. The information was both sensitive and personally identifiable information about the employees. The department released a statement after they had already notified all the employees who were targeted in the breach. In their statement, the DHS noted that the DHS Office of Inspector General’s Case Management System had been affected.
Exactly 247,167 people who were employed by the Department back in 2014 were affected by the breach. Subjects, witnesses and any complainants who were associated with the DHS OIG investigations from 2002 up to 2014 were also put at risk. The employee data which was leaked included their names, their social security numbers, dates of birth, positions, grades and the duty stations.
The DHS in their statement also noted that fortunately, the breached file did not have any information on the employees’ spouses, family members and any close associates.
The various other individuals who were affected by the DHS OIG investigations, significant personal info was also taken. They had their Social Security Numbers, dates of birth, email addresses, phone numbers and addresses also taken. Any other information which they provided in their various and respective interviews was also taken.
The DHS tried to mark that the act was not believed to be a targeted attack by cyber hackers on their employees’ information or any data whatsoever that they had.
Back in May 2017, some of the unauthorized files were seen in the hands of a former DHS OIG employee. The Department had been doing their own investigation, and it was still ongoing. In their statement the DHS said that from May up to November 2017, they were conducting a strong investigation into the incident. The steps as expected required close work with the authorities to ensure that the investigation was not compromised. The DHS did not, however release the identity of the ex-employee who was indicated in the investigation.
All former and current employees with the DHS have been sent notification letters who were by the December 18 breach. However, due to technological limitations, the department can’t reach out to everyone affected. Therefore the department is asking all the people involved in DHS OIG investigations between 2002 and 2014 to contact them.
The DHS also said that they were going to implement new security protocol and limit the access to the information. They will also apply some strict checks on identity and try to find any unusual access patterns. The DHS Chief Privacy Officer, Phillip Kaplan, said that employees should not be worried because their main priority was to make sure that this did not happen again.