The Washington Post

DHS contractor suffers major computer breach, officials say

A major U.S. contractor that conducts background checks for the Department of Homeland Security has suffered a computer breach that probably resulted in the theft of employees’ personal information, officials said Wednesday.

The company, USIS, said in a statement that the intrusion “has all the markings of a state-sponsored attack.”

The breach, discovered recently, prompted DHS to suspend all work with USIS as the FBI launches an investigation. It is unclear how many employees were affected, but officials said they believe the breach did not affect employees outside the department. Still, the Office of Personnel Management has also suspended work with the company “out of an abundance of caution,” a senior administration official said.

“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the breach, department spokesman Peter Boogaard said. “We are committed to ensuring our employees’ privacy and are taking steps to protect it.”

The intrusion is not believed to be related to a March incident in which the OPM’s databases were hacked, said officials, some of whom spoke on the condition of anonymity because they were not authorized to speak on the record. That intrusion was traced to China and none of the personal data, which was encrypted, was stolen.

In the DHS case, said a second senior administration official, “We have an inclination that, based on what the company has been telling us, there has been a spill. The degree to which that information has been exfiltrated for other purposes is what we’re trying to discern now.”

Officials said that, although the DHS encrypts the employee data it sends USIS, it’s unclear whether the data remain encrypted.

USIS, a Falls Church, Va., company, is the largest provider of background investigations for the federal government. It conducts checks for DHS employees and applicants who require security clearances. While the OPM manages the bulk of federal background investigations, some departments, such as Homeland Security, have authority to hire contractors for their own investigations, officials said.

Company officials said they recently discovered the penetration of the firm’s corporate network and informed the FBI, the OPM and other relevant agencies. “We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible,” the firm said in its statement.

The U.S. government and its contractors are a favorite target for hackers who are interested in obtaining sensitive data, ranging from employee information contracts to weapons-system designs.

In 2006, Chinese hackers breached the system of a sensitive Commerce Department bureau. Also that year, the State Department suffered an intrusion traced to China.

In recent years, hackers have penetrated systems at the Defense Department, the Navy and the Environmental Protection Agency. Last year, hackers stole personal data from more than 100,000 people from an Energy Department system.

The U.S. Computer Emergency Readiness Team (US-CERT), a component of DHS, is conducting an on-site assessment at USIS, including a forensic analysis. Officials said they are seeking to learn exactly what happened and who was behind the intrusion. US-CERT has also instructed the company on how to mitigate the breach, officials said.

Some lawmakers have announced they will investigate the breach. “It is extremely concerning that the largest private provider of background investigations to the government was hacked,” said Rep. Elijah E. Cummings (Md.), the ranking Democrat on the House Oversight and Government Reform Committee. “I am asking Chairman [Darrell] Issa to work with me in having our committee investigate this matter with the utmost urgency.”

The USIS breach “is very troubling news,” said Sen. Jon Tester (D-Mont.), a Homeland Security Committee member. “Americans’ personal information should always be secure, particularly when our national security is involved. An incident like this is simply unacceptable.”

Cummings and other lawmakers have been critical of DHS for recently awarding USIS a contract, worth up to $190 million, to provide services related to DHS’s immigration system. They noted the company is facing a lawsuit by a whistleblower and the Justice Department that accuses it of defrauding the government.

The suit alleges that USIS “dumped” or did not fully complete 665,000 background checks used for security clearances to hit revenue targets. Since the accusations have emerged, the company says it has hired a new management team and has enhanced oversight procedures.

USIS performed the background checks on Navy Yard shooter Aaron Alexis and on former National Security Agency contractor Edward Snowden.

Christian Davenport and Josh Hicks contributed to this report.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.