It’s bad enough that our federal government is involved in so many things it’s not supposed to do, but is it really too much to ask that the people running it be competent at the activities they are supposed to do?
The US Department of Homeland Security has announced that former employee of DHS’s Office of Inspector General was discovered to be in possession of an unauthorized copy of the office’s investigative case management system, which contains personal identifying information on roughly 247,167 current and former DHS employees, as well as identifying images on various people, from suspects to witnesses to complaint filers, involved in some way with DHS OIG investigations spanning from 2002 to 2014.
Specifically, the pilfered information includes employee names, Social Security numbers, birth dates, and more; and all of that same information for people involved with investigations, as well as the latter group’s phone numbers, home addresses, and emails.
Most disturbingly, this data breach was discovered in May of 2017, but we’re only learning about it now. DHS justifies its radio silence by its relationship to an ongoing criminal investigation, but assures the public that it conducted “a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed.”
So what is DHS going to do about it? Here’s the word from DHS Chief Privacy Officer Philip Kaplan:
All individuals potentially affected by this privacy incident are being offered 18 months of free credit monitoring and identity protection services. Notification letters were sent to all current and former employees who were potentially affected by the DHS Employee Data on December 18, 2017. Due to technological limitations, DHS is unable to provide direct notice to the individuals affected by the Investigative Data. Therefore, if you were associated with a DHS OIG investigation from 2002 through 2014, you may contact AllClear ID at (855) 260-2767 for information on credit monitoring and identity protections services.
The Department of Homeland Security takes very seriously the obligation to serve the Department’s employees and is committed to protecting the information in which they are entrusted. Please be assured that we will make every effort to ensure this does not happen again. DHS is implementing additional security precautions to limit which individuals have access to this information and will better identify unusual access patterns. We will continue to review our systems and practices in order to better secure data. DHS OIG has also implemented a number of security precautions to further secure the DHS OIG network.
The Daily Caller is not particularly impressed with DHS’s statement, noting that a department spokeswoman declined to provide further details and pointing out that its suggestion for those affected in the press release’s included FAQ is almost a scandal in and of itself:
Ironically, other suggestions “regarding credit freezes and credit reports” include contacting Equifax, a credit assessment agency that recently experienced a massive data breach itself, as well as a number of other apparent controversies and gaffes.
How secure does the homeland feel to you with these guys running the show? Let us know in the comments.