Home page logo
/

isn logo Information Security News mailing list archives

Possible breach of DHS employee data has an unusual twist
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Jun 2013 02:26:51 -0500 (CDT)

http://gcn.com/articles/2013/06/03/dhs-data-breach-employee-info.aspx

By William Jackson
GCN.com
Jun 03, 2013

The Homeland Security Department has notified some employees that personally identifiable information used for security clearances and stored in a third-party database could have been exposed to unauthorized users.

The notifications came after DHS was alerted to a vulnerability in the vendor software by a “law enforcement partner.” According to a public notice the vulnerability could have been in place for as long as four years but has been addressed after being identified.

The department said there is no evidence that the information, which included Social Security numbers and dates of birth, had been improperly accessed, although it is investigating what, if any, personally identifiable data might have been accessed since 2009. The fact that law enforcement was involved raises the possibility that a breach occurred. DHS officials have declined to comment on the incident beyond the public notice.

It is not surprising that DHS was notified by a third party of the vulnerability. Most vulnerabilities are discovered by legitimate “white hat” researchers, who usually report them to the software vendor before they are publicly disclosed. In this case, it was law enforcement rather than researchers that appear to have discovered the problem. Whether it was part of an active investigation into a security breach is not known.

Many security breaches go unnoticed by victims. According to the Verizon 2013 Data Breach Investigation Report, 69 percent of breaches analyzed in the report were discovered by external parties, and 66 percent of breaches took months or longer to discover.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 

  By Date           By Thread  

Current thread:
  • Possible breach of DHS employee data has an unusual twist InfoSec News (Jun 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault