Building on a story that first broke in November 2017, the Department of Homeland Security (DHS) just released additional details regarding the leak of personal information of 246,000 DHS employees. Insiders and intellectual property (IP) theft are at the core of the story.

Data Leak Timeline and Details

In May 2017, the DHS discovered personally identifiable information (PII) on DHS employees on the home computer of a DHS employee.

USA Today reported on the leak in November 2017, noting that personal information of 246,000 DHS employees was found on the home computer in May.  Of particular note in their report was this fact:

“Also discovered on the server was a copy of 159,000 case files from the inspector general’s investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell…”

On the heels of this article, the NY Times reported that three employees in the inspector general’s office for the DHS stole a computer system (containing the personal information) with plans to “modify the office’s proprietary software for managing investigative and disciplinary cases so that they could market and sell it to other inspector general offices across the federal government”. According to the Times report, investigators believe the suspects intended to use the data to help develop and test their own version of the system.

Which brings us to this week’s news release from the DHS which provided further details:

  • DHS notified select employees on January 3, 2018 that “ they may have been impacted by a privacy incident  …The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized transfer of data.”
  • Impacted individuals include approximately 247,167 current and former federal employees of DHS in 2014, and subjects, witnesses, or complainants associated with a DHS OIG investigation from 2002 through 2014.
  • PII for employees includes names, Social Security numbers, dates of birth, positions, grades, and duty stations. PII for individuals associated with an investigation varied, but could include names, Social Security numbers, dates of birth, email addresses, phone numbers, and addresses.
  • In an FAQ on their website, DHS explained the delay between discovery in May and notification in December:

“The investigation was complex given its close connection to an ongoing criminal investigation…DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed.  These steps required close collaboration with law enforcement investigating bodies to ensure the investigation was not compromised.”

  • DHS is offering 18 months of free credit monitoring and identity protection services to individuals potentially affected.

Protecting IP – and Employee Data – from Insiders

As our CEO recently noted in an article at CSO Online, insiders typically steal intellectual property (IP) to take it to a new job, start a competing business, or to give the information to a foreign government or organization. An insider has easy – and authorized – access to data. So, it’s challenging to distinguish between access for legitimate purposes and access with intent to steal.

In their news release, the DHS indicated they will be taking steps to better identify unusual access patterns by users. This is a step every organization should take to protect data.  Employee monitoring software allows organizations to track data access, including file transfer tracking and email transfers. So, not only can you protect your IP, but you can protect your employees’ information, as well. Click below to learn more about Teramind.

Insider Threat Detection