Personally identifiable information was discovered in the possession of a former department employee.
A data breach at the Department of Homeland Security exposed the personally identifiable information on more than 240,000 current and former DHS employees, the department said Wednesday.
The breach at the DHS Office of Inspector General (OIG) Case Management System affected 247,167 people employed by DHS in 2014, as well as subjects, witnesses and complainants associated with DHS OIG investigations from 2002 through 2014, the department said in a statement. Information exposed included Social Security numbers, dates of birth, positions, grades and duty stations.
The DHS said the "privacy incident" wasn't the result of a cyberattack and that acquisition of individuals' personal information didn't appear to be the goal of the breach. Instead, the files were discovered last May in the possession of a former DHS OIG employee during an ongoing criminal investigation, the agency said.
The department said it sent notification letters in December to all those who may have been affected by the breach. The delay in revealing the breach was due to the complex nature of the criminal investigation, the department said.
"From May through November 2017, DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed," the DHS said.
The DHS didn't reveal the identity of the former employee or the scope of its investigation.
As a result of its investigation, the DHS said it is implementing additional security precautions to limit who has access to its information, as well as more stringent checks to identify unusual access patterns.
Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."
Special Reports: All of CNET's most in-depth features in one easy spot.