US Homeland Security sheds light on data breach

The US Department of Homeland Security has shed more light on a 2014 data breach revealed late last year that affected 247,167 current and former employees as well as “subjects, witnesses, and complainants” in investigations.

USA Today revealed in November last year that the employee data and case file copies were found “on the home computer server of a [department] employee”.

The department’s internal watchdog - the Office of the Inspector General (OIG) - today confirmed details of the breach.

It said that “as part of an ongoing criminal investigation ... DHS OIG discovered an unauthorised copy of its investigative case management system in the possession of a former DHS OIG employee.”

“The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorised exfiltration,” the department’s chief privacy officer Phillip Kaplan said in a statement.

The employee data relates to federal workers at the department in 2014; the investigative data, however, runs between 2002 and 2014, and Homeland Security said “technological limitations” prevented it from directly contacting everyone affected in that dataset.

Kaplan made assurances that the department would “make every effort to ensure this does not happen again.”  

“[Homeland Security] is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns,” Kaplan said.

“We will continue to review our systems and practices in order to better secure data.

“DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.”