This post was originally published on this site is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to

More than 240,000 current and former employees of the US Department of Homeland Security have had their personal details exposed in a data breach.

In what it describes somewhat euphemistically as a “privacy incident”, the DHS said the breach could also affect anyone who was part of an investigation by the DHS Office of Inspector General between 2002 and 2014.

The breach was discovered in May 2017, when – as part of an ongoing criminal investigation – the DHS found a former employee had an unauthorised copy of the office’s investigative case management system.

The DHS was at pains to emphasise that the “evidence indicates that… personal information was not the primary target” and that the incident wasn’t a “cyber attack by external actors”.

But it still led to the unauthorised transfer of the personally identifiable information – including name, social security number and position – of 246,167 federal government staff employed by the DHS in 2014.

On top of that, it affects an undefined number of people that were under investigation by the office between 2002 and 2014 – this could be subjects, witnesses and complainants, and is not limited to DHS employees. That information could include name, social security number, address, phone number and date of birth.

Current and former staff were contacted on December 18, 2017, but the department said it was “unable to provide direct notice to the individuals affected by the Investigative Data”.

Clearly anticipating the question of why it took them nine months to alert affected individuals after discovering the breach, the DHS’s canned statement said:

In a bid to reassure people that this wouldn’t happen again, the department said it was placing “additional limitations” on who gets back end access to case management systems, as well as implementing additional network controls to identify unusual access patterns.

In addition, it said it would be “performing a 360-degree review of DHS OIG’s development practices related to the case management system”.

It added that anyone potentially affected was being offered 18 months of free credit monitoring and identity protection services. ®

Sponsored: Minds Mastering Machines – Call for papers now open

At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.

Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group,