A vulnerability has inadvertently made Department of Homeland Security (DHS) workers’ personal information accessible to unauthorized parties.
A vendor that works with DHS found the flaw in the software that processes personnel security investigations. DHS quickly fixed the situation.
There is no evidence the information contained in the system — names, social security numbers, date of birth — were actually stolen or accesses at all, but potentially affected employees, contractors, inactive applicants, and former employees and contractors will end up notified of the increased risk of identity theft they might face and the steps they can take to minimize it.
“DHS is evaluating all legal options and is engaged with the vendor’s leadership to pursue all costs incurred mitigating the damages,” the notice said, but it doesn’t say which vendor it was.
A law enforcement partner found the vulnerability who then notified the DHS.
“DHS believes that employees who submitted background investigation information, and individuals who received a DHS clearance, between July 2009 and May 2013, primarily for positions at DHS HQ, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), may be affected,” the notice said, then adds other information provided in the standard security questionnaire was not accessible.