Security breach could expose personal information of DHS employees
The FBI is investigating a cybersecurity breach that could have exposed the confidential information of employees with the Department of Homeland Security, a DHS spokesman confirmed to CBS News.
The breach focused on information stored by United States Investigative Services, an outside contractor that performs background checks on behalf of federal agencies.
"DHS is aware of a cybersecurity intrusion at a private sector company that conducts U.S. government security background investigations," explained a statement from the department. "A multi-agency cyber response team is working with the company to identify the scope of the intrusion and the FBI has launched a federal investigation into the issue."
The background check information in question, if exposed, could detail both personal and financial information. The department's workforce has been notified, DHS said, and employees have been advised to monitor their accounts for any sign of suspicious activity.
In the meantime, DHS has suspended all ongoing background checks with USIS "until we can determine it will not be subject to compromise," the statement said.
USIS, in a statement of its own, confirmed the "apparent external cyber-attack on USIS' corporate network," and said the intrusion has "all the markings of a state-sponsored attack."
"We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network," the contractor explained. "We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible."
It hasn't been the best few years for USIS. In January, the Justice Department accused the company of defrauding the government by submitting over half a million incomplete background check investigations. Before that, the firm earned widespread criticism for its shoddy vetting of Edward Snowden, the former NSA employee who exposed a huge array of classified government surveillance programs last June. And USIS was also responsible for performing a background check on Aaron Alexis, the gunman who killed 12 people and himself at the Navy Yard last September.
CBS News' Andy Triay and Julia Kimani contributed to this story.