[Infowarrior] - PII of 246, 000 DHS employees found on home computer

[Richard Forno]

In 2017, this basic-101 securityfail should *not* still be happening.  Remember the periodic VA laptop losses (and unencrypted PII troves on them) over the years?   --rick


Sensitive personal information of 246,000 DHS employees found on home computer

Ray Locker, USA TODAY Published 3:53 p.m. ET Nov. 28, 2017

https://www.usatoday.com/story/news/politics/2017/11/28/sensitive-personal-information-246-000-dhs-employees-found-home-computer/901654001/

WASHINGTON — The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY.

Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. 

The information included names, Social Security numbers and dates of birth, the report said.

The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details.

.Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach. 

The department's office of privacy is completing the details of the notices to those affected.

"All potentially affected individuals will be offered an 18-month subscription to credit monitoring services," the report says.

Officials at Office of Inspector General, which acts as an internal watchdog at DHS, said in a statement provided to USA TODAY that "DHS is coordinating notice to the affected individuals and we are working closely with DHS to accomplish this."

"The responsible individuals are no longer on the OIG payroll," the statement said. 

Other agencies have suffered serious data breaches in recent years. In June 2015, the personal information of about 21.5 million people was leaked in a breach at the Office of Personnel Management.