
DHS warns employees that years-old database hole puts their privacy at risk

The Department of Homeland Security (DHS) Thursday said it has notified employees and others with DHS clearance to be on alert for potential fraud due to a vulnerability discovered in software used by a vendor to process personally identifiable information (PII) for background investigations. The software hole had been there since July 2009.

"During the week of May 20, 2013, DHS is alerting employees of the potential vulnerability and outlining ways that they can protect themselves, including requesting fraud alerts and credit reports," the DHS said in its statement, "Privacy Response to Potential PII Incident." DHS says the software, which an unnamed vendor uses to maintain a database of background investigations, had a hole that left information including name, Social Security number and date of birth open to potential unauthorized access.


DHS says the software vulnerability has now been fixed and there's no evidence that this PII related to DHS clearances has been stolen from the vendor-maintained database.

DHS has set up a call center to address any employee concerns related to the notifications and is advising affected individuals concerned about potential fraud to consider taking certain measures, such as letting potential creditors know to contact them before opening a new account in their name. DHS also listed the three credit reporting firms, Equifax, Experian and TransUnion, saying an individual can place a fraud alert.

DHS also indicated it's in a legal confrontation with the unnamed vendor that maintains this background investigations database and has raised a "stop work request" while engaging with the "vendor's leadership to pursue all costs incurred mitigating the damages." DHS is in talks with this unspecified vendor on "notification requirements for current contractors, inactive applicants and former employees and contractors."

DHS was alerted by a law enforcement partner of the potential vulnerability, and says it took immediate steps to address the problem with the vendor. Though DHS does not know that PII related to this security hole has been stolen, it's investigating the matter.

Employees who submitted background investigation information, and individuals who received a DHS clearance between July 2009 and May 2013, primarily for positions at the DHS headquarters, Customs and Border Protection (CBP), and Immigration and Customs Enforcement, may be affected.

DHS also says it is making "every possible effort" to reach out to former employees, applicants, former contractors and "similar individuals who received a DHS clearance that may be impacted."

In its privacy notification alert, DHS sought to address concerns, such as whether employees should alert the contacts they provided for the background investigation. DHS says it has no reason to believe that kind of step is needed.

As to whether DHS will continue to work with the unnamed vendor whose software had the security hole, the Department indicated the CBP has put the brakes on work at this time while DHS is "evaluating all legal options."

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.
