The US Department of Homeland Security (DHS) has issued a statement confirming a breach of the DHS Office of Inspector General (OIG).
According to the statement issued by the DHS on Wednesday, the breach carried out on the DHS Office of Inspector General (OIG) Case Management System (CMS), affecting approximately 247,167 individuals that were employed by the DHS in 2014 and also subjects, witnesses, and complainants associated with the DHS OIG investigations from 2002 through 2014.
The DHS said that on May 10, 2017, DHS OIG discovered an unauthorised copy of its CMS in the possession of a former DHS OIG employee as part of an ongoing criminal investigation.
"The privacy incident did not stem from a cyber attack by the external actors, and evidence indicates that affected individual's personal information was not the primary target of the unauthorised exfiltration," DHS wrote to those affected.
Affected individuals such as the current and former employees were a letter notifying them that they may have been affected by a privacy incident on December 18, 2017. The DHS however, did not provide direct notice to the individuals affected by the Investigative data due to "technological limitations." It then asked the individuals to reach out to the department.
According to the letter which was signed by DHS chief privacy officer Phillip S Kaplan, the DHS offered all potentially affected individuals 18 months of free credit monitoring and identity theft protection services. The department assured all those affected that such occurrence would never repeat itself.
To help tackle and stop the re-occurrence of such incident in the future, the DHS said that they are implementing an additional security precautions to limit individuals have access to its information as well as more stringent checks to identify usual access patterns.