As per the US DHS Office of Inspector General (OIG), in what they are referring to as a “privacy incident” identified in May, 2017 have been hit with an insider breach which has resulted in the data leak of approximately 247,167 current and former DHS employees. It also included an unspecified number of subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014. The data was found on the home computers of one of the three identified insiders.
The data included:
- Names, Social Security numbers, dates of birth, positions, grades, and duty stations of the employees, and
- Names, Social Security numbers, alien registration numbers, dates of birth, email addresses, phone numbers, and addresses of individuals associated with investigations, as well as any personal information they provided in interviews with DHS OIG investigative agents.
According to the OIG, “the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized unauthorized transfer of data.”
The folks at DHS have noted that they did not send out the notices before December 2017 because “the investigation was complex given its close connection to an ongoing criminal investigation.” Essentially, it took them until November to finish the forensic analysis of the compromised data an assess the risk to affected individuals.