The US Department of Homeland Security (DHS) announced it suffered a data breach last year, during which data for over 247,000 DHS employees and individuals under DHS investigations was taken from a secure DHS database.
The DHS said a former employee is to blame, and not a hacker.
"On May 10, 2017, as part of an ongoing criminal investigation being conducted by DHS OIG and the U.S. Attorney’s Office, DHS OIG discovered an unauthorized copy of its investigative case management system in the possession of a former DHS OIG employee," the DHS said yesterday in a press release.
The stolen data is a copy of the Department of Homeland Security’s (DHS) Office of the Inspector General (OIG) Case Management System (CMS), a database-type application DHS employees use to store data for current and past investigations.
The database contains data on both the DHS employees investigating these cases, but also on the people under investigation and case witnesses.
According to the DHS, a former employee made a copy of this data circa 2014. The stolen database contained DHS data from 2002 through 2014.
DHS says the database contained the personal information of approximately 247,167 current and former federal employees. It did not say how many cases or case subjects were affected. This is what was compromised, per category, according to the DHS.
DHS officials said it took months to carry out "a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed."
The Agency is now offering 18 months of free credit monitoring and identity protection services to all affected individuals. Letters have been sent to current and former employees. People that interacted with DHS investigations between 2002 and 2014 are urged to follow additional advice provided on this FAQ page.