Background Check Firm Hit by BreachIncident 'Has Markings of a State-Sponsored Attack'
U.S. Investigations Services, which conducts background checks for the Department of Homeland Security and other agencies, says it has identified a cyber-attack on its corporate network.
"Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack," the company says.
Upon learning of the incident, USIS immediately informed federal law enforcement, the Office of Personnel Management and other relevant federal agencies. "We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network," USIS says.
The Office of Personnel Management says it's working closely with US-CERT and the Federal Bureau of Investigation to determine the impact of the breach to OPM and its agency partners. "Out of abundance of caution, we are temporarily ceasing field investigative work with USIS," Jackie Koszczuk, communications director at OPM, tells Information Security Media Group. "This pause will give USIS time to work with US-CERT and OPM to take the necessary steps to protect its systems."
OPM says it hasn't been notified of any loss of personally identifiable information so far. "We are vigorously working to learn the extent of the situation at USIS, and we are taking appropriate actions to protect the security and integrity of our systems and data," Koszczuk says.
A Department of Homeland Security forensic analysis has concluded that some DHS personnel may have been affected by the breach, according to news reports.
USIS says it's working collaboratively with OPM and DHS to resolve the matter. "[We] look forward to resuming service on all our contracts with them as soon as possible," the company says. "Given the involvement of law enforcement and the active nature of this investigation, we cannot provide any additional information at this time."
DHS did not immediately respond to a request for additional information.
Beefing Up Security
Sen. Tom Carper, D-Del., chairman of the Homeland Security and Government Affairs Committee, says the USIS breach calls attention to the need to beef up network security.
"The latest report of a cyber-attack on the major government contractor USIS is deeply troubling and underscores the scary reality of how much of a target our sensitive information has become in cyberspace," he says. "While the Department of Homeland Security, Office of Personnel Management and other agencies have a number of tools and resources under existing authorities, it is critical that we modernize our outdated federal network security laws to prevent further attacks from happening."