BOSTON/WASHINGTON – A cyberattack on a firm that performs background checks for U.S. government employees has compromised data on at least 25,000 workers, including some undercover investigators, and that number could rise, officials said on Friday.
The breach at U.S. Investigations Services (USIS), based in Falls Church, Virginia, exposed highly personal information of workers at the Department of Homeland Security’s headquarters as well as its U.S. Immigration and Customs Enforcement and U.S. Customs and Border Protection units, two officials familiar with the investigation into the breach said.
Some employees have already received letters warning them about the breach. The letters say the compromised information includes Social Security numbers, education and criminal history, birth dates, and information about spouses, other relatives and friends, including their names and addresses.
“Records including this data were exposed to unauthorized users during the cybersecurity intrusion,” according to a notification letter obtained by Reuters. “We do not yet know whether the data was actually taken.”
One DHS official said the agency has identified some 25,000 employees whose information it believes were exposed.
“More could be notified in coming weeks as we learn more about the breach,” said the official.
The company disclosed the attack earlier this month but did not say how many records had been compromised or which agencies had been affected. It did say the intrusion has “all the markings of a state-sponsored attack.”
While the number of employees affected is relatively small compared to breaches at retailers such as Target that have affected tens of millions of customers, security experts say the attack on USIS is quite serious.
Files on background checks contain highly sensitive data that foreign intelligence agencies could attempt to exploit to intimidate government workers with access to classified information.
“They would be collecting this data to identify individuals who might be vulnerable to extortion and recruitment,” said Dmitri Alperovitch, chief technology officer with the cybersecurity firm CrowdStrike, which sells intelligence on state-sponsored cyberattacks.
The Department of Homeland Security has suspended all work with USIS since the breach was disclosed. The FBI has launched an investigation.
USIS says it is the biggest commercial provider of background investigations to the federal government, with over 5,700 employees, and provides services in all U.S. states and territories, as well as abroad.
Officials with USIS, which is a division of Altegrity Inc., could not immediately be reached for comment. A spokeswoman for Altegrity, which is majority-owned by Providence Equity Partners, declined to comment.
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.