Written By ESR News Blog Editor Thomas Ahearn
Officials said a U.S. background check contractor for the Department of Homeland Security (DHS) suffered a data breach that most likely resulted in the theft of personally identifiable information (PII) of some DHS employees, according to a report from The Washington Post.
The Post reports that the background check contractor U.S. Investigations Services LLC (USIS) – the largest provider of background check investigations for the federal government – said in a statement that the data breach “has all the markings of a state-sponsored attack.”
A DHS spokesman said in statement about the data breach: “Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce. We are committed to ensuring our employees’ privacy and are taking steps to protect it.”
As a result of the data breach, the DHS has suspended all work with USIS while the Federal Bureau of Investigation (FBI) investigates. The Office of Personnel Management (OPM) has also suspended work with the company “out of an abundance of caution,” the Post reports.
The U.S. Computer Emergency Readiness Team (US-CERT) is conducting an onsite assessment of the background check contractor to learn how the data breach occurred, who was behind the data breach, and instruct the company on how to mitigate the data breach, the Post reports.
The complete report from The Washington Post about the data breach is available at http://www.washingtonpost.com/world/national-security/dhs-contractor-suffers-major-computer-breach-officials-say/2014/08/06/8ed131b4-1d89-11e4-ae54-0cfe1f974f8a_story.html.
As reported earlier on ESR News, the DHS awarded a new $190 million background check contract to USIS in July of 2014. The DHS’s U.S. Citizenship and Immigration Services (USCIS) hired the background check contractor to help operate the nation’s immigration system.
ESR Sets Standard for Data Breach Security
Employment Screening Resources® (ESR) – ‘The Background Check Authority®’ – has completed a comprehensive Service Organization Control (SOC) 2 Audit Report stating that ESR maintained effective controls over the security, confidentiality, and privacy of employee screening system data. This SOC 2 report ensures ESR meets the current high standards set by the American Institute of Certified Public Accountants (AICPA) to protect customer and third-party information. To learn more about SOC 2 reports, visit http://www.esrcheck.com/SOC-2/.