Breach at USIS Exposes Government Employees' Data


U.S. Investigations Services (USIS), which provides background checks for the U.S. government, recently acknowledged that its network was compromised by a cyber attack.

"We are working closely with federal law enforcement authorities and have retailed an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network," the company said in a statement. "Experts who have reviewed the facts gathered to date believe it has all the markings of a state-sponsored attack."

USIS says it's working with the Office of Personnel Management (OPM) and the Department of Homeland Security (DHS) to resolve the matter, and has suspended its work with them until the breach is fully investigated.

DHS spokesman Peter Boogaard told The Hill that some agency employees' information may have been compromised, and that the department has told all employees to monitor their financial accounts for suspicious activity and to watch out for odd requests for personal or financial data.

The Washington Post reports that the breach does not appear to be linked to a March 2014 breach at the OPM, which was traced to China.

Sen. Tom Carper, chairman of the Homeland Security and Governmental Affairs Committee, said in a statement that the breach demonstrates how crucial it is to modernize federal cyber security policies. "This latest report of a cyber attack on the major government contractor USIS is deeply troubling and underscores the scary reality of how much of a target our sensitive information has become in cyberspace," he said. "It also shows how urgent it is that we reform our laws to better combat attacks from malicious actors."

Government agencies and their leading contractors are inevitably a major target for hackers, both individual and state-sponsored. The U.S. Department of Energy acknowledged two separate breaches last year, one that exposed several hundred employees' and contractors' personal information, and another that exposed 53,000 employees' names, Social Security numbers and birthdates.

Also last year, the DHS acknowledged that a vulnerability in software used by a DHS vendor may have exposed an undisclosed number of names, Social Security numbers and birthdates.

In response to these and other attacks, DHS director of Network Security Deployment Brendan Goode recently spoke with eSecurity Planet about the process of defending the DHS network from cyber threats.