Background InvestigationsCybersecurity

Hackers Penetrated USIS Computer Networks for Months Before Detection

In a follow up to a previous article highlighting how Chinese hackers attack U.S. networks, another story has hit the news headlines describing how former background investigation contractor USIS failed to detect a security breach by Chinese hackers who penetrated USIS information system firewalls for several months. The hackers gained access to personally identifiable information (PII) on security clearance applications before being found out.  Some of the information that was compromised included the security records of 25,000 Department of Homeland Security employees.

No Cyber Safeguards

The FBI investigation into this breach disclosed a concern about why USIS computer security measures failed to set off alarms to quickly detect the penetrations. Another concern was the lack of oversight by the federal agency responsible for the contract, although legal representatives from USIS claimed that their systems and processes were reviewed regularly.  According to the story, USIS reported the cyber-attack to federal officials in June, and it was not until two months later that a public release was issued.  Although the number of people impacted by this breach is small compared to the much publicized recent credit card data thefts from major retailers, the information that was accessed is much more sensitive and all-encompassing.

As recommended in all cybersecurity briefings regardless of whether you think your data has been compromised, it is prudent to monitor your cyber footprint (email accounts, social media sites, and financial accounts) on a monthly basis and look for any anomalies or suspicious activity that shouldn’t be there.