Want CNET to notify you of price drops and the latest stories?

Homeland Security breach exposes data on 240,000 employees

Personally identifiable information was discovered in the possession of a former department employee.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
U.S. Department of Homeland Security

Information on more than 240,000 current and former Homeland Security employees was found in the possession of a former DHS employee, the department says.

Getty Images

A data breach at the Department of Homeland Security exposed the personally identifiable information on more than 240,000 current and former DHS employees, the department said Wednesday.

The breach at the DHS Office of Inspector General (OIG) Case Management System affected 247,167 people employed by DHS in 2014, as well as subjects, witnesses and complainants associated with DHS OIG investigations from 2002 through 2014, the department said in a statement. Information exposed included Social Security numbers, dates of birth, positions, grades and duty stations.

The DHS said the "privacy incident" wasn't the result of a cyberattack and that acquisition of individuals' personal information didn't appear to be the goal of the breach. Instead, the files were discovered last May in the possession of a former DHS OIG employee during an ongoing criminal investigation, the agency said.

The department said it sent notification letters in December to all those who may have been affected by the breach. The delay in revealing the breach was due to the complex nature of the criminal investigation, the department said.

"From May through November 2017, DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed," the DHS said.

The DHS didn't reveal the identity of the former employee or the scope of its investigation.

As a result of its investigation, the DHS said it is implementing additional security precautions to limit who has access to its information, as well as more stringent checks to identify unusual access patterns.

Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."

Special Reports: All of CNET's most in-depth features in one easy spot.