Major Homeland Security contractor hacked, federal employee data likely stolen


USIS, a major federal contractor that conducts background checks for the U.S. Department of Homeland Security, disclosed today that it was the victim of a hack which likely involved the theft of federal employees' personal data.

The incident “has all the markings of a state-sponsored attack,” USIS said in a statement.

From the Washington Post, which broke the news today:

The breach, discovered recently, prompted DHS to suspend all work with USIS as the FBI launches an investigation. It’s unclear how many employees were affected, but officials said they believe the breach did not affect employees outside DHS. Still, the Office of Personnel Management has also suspended work with the company “out of an abundance of caution,”a senior administration official said.

“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the breach, department spokesman Peter Boogaard said. “We are committed to ensuring our employees’ privacy and are taking steps to protect it.”

"DHS contractor suffers major computer breach, officials say" [wapo]

Here's the full text of the "self-reported" disclosure by USIS:

“Our internal IT security team recently identified an apparent external cyber-attack on USIS’ corporate network. We immediately informed federal law enforcement, the Office of Personnel Management (OPM) and other relevant federal agencies. We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network. Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack.

“Cybercrime and attacks of this nature have become an epidemic that impacts businesses, government agencies, and financial and educational institutions alike. The protection and safeguarding of our networks, our data and the data of our customers is always of the utmost importance, and we have invested heavily in security measures. Our systems and people identified this attack, and, in response, we are working alongside OPM, the Department of Homeland Security (DHS) and federal law enforcement authorities in redoubling our cyber security efforts. We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack.

“Given the involvement of law enforcement and the active nature of this investigation, we cannot provide any additional information at this time.”