Today's Hard|Forum Post
Today's Hard|Forum Post

Thursday January 04, 2018

Homeland Security Breach Exposes Data On 240,000 Employees

In a statement, the DHS announced that a data breach exposed personally identifiable information on more than 240,00 current and former employees in 2014. The breach also contained Investigative Data for individuals associated with investigations from 2002-2014, which includes subjects, witnesses and complainants who were both DHS employees and non-DHS employees.

News Image

The DHS also notes that

All individuals potentially affected by this privacy incident are being offered 18 months of free credit monitoring and identity protection services. Notification letters were sent to all current and former employees who were potentially affected by the DHS Employee Data on December 18, 2017. Due to technological limitations, DHS is unable to provide direct notice to the individuals affected by the Investigative Data.

It makes you wonder how much this blunder ends up costing the taxpayer. between the initial gathering, compiling, and storing of the data, the investigation of the theft of the data, then 3 years of "extensive forensic analysis of the compromised data." I must add that I love the term "unauthorized exfiltration" when it comes to the data breach.

The investigation was complex given its close connection to an ongoing criminal investigation. From May through November 2017, DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed. These steps required close collaboration with law enforcement investigating bodies to ensure the investigation was not compromised.

Discussion