DHS DATA BREACH OF 240,000 STAFF, WITNESSES ANNOUNCED
Just when you thought privacy news couldn’t get any worse. The Department of Homeland Security just announced a terrifying data breach from 7 months ago. Seven months is a long period of time for this kind of disclosure. The breach was mostly the identifiable information of over 240,000 employees. This included current and former employees. But even worse, it also included the personal information of people related to investigations. Like witnesses. Disturbingly, DHS knew of the breach 7 months ago. But they only told staff this past week. Why? It’s all a big mystery, but everything is fine.
DHS WILL ONLY SAY DAA FOUND IN FORMER STAFF’S POSSESSION
DHS hasn’t made much public about how the breach happened. So far, they’ve said the data wasn’t stolen or hacked by anyone. Yet the data also wasn’t exposed to malware. But we are left wondering what the story is, and what the data’s exposure really was. A criminal investigation last May discovered the data with a former employee last May. We don’t know who the individual was. We don’t know how they accessed the date, either. But oddly, DHS made the discovery in relation to a separate, ongoing criminal investigation. DHS has not identified the employee. DHS has also not made any details of the criminal investigation public, either. They won’t even say who they were investigating!
DHS WAITS 7 MONTHS TO WARN STAFF OF BREACH. WHY?
But despite assurances the data wasn’t stolen or exposed to malicious activity, it was compromised. So officials did send letters to those exposed last week. But still, why did DHS wait 7 long months to let their staff know? In a statement on it’s website, DHS gave a nebulous answer. “The investigation was complex given its close connection to an ongoing criminal investigation. From May through November 2017, DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed.” The investigation was complex. But it’s an ongoing investigation. So no will offer no context.
DHS SAYS BREACH HAPPENED, BUT EXPLAINS NOTHING AT ALL
That statement says a lot, but explains little. But it does relate that a ton of investigative data was also at risk. That included files on “subjects, witnesses, and complainants who were both DHS employees and non-DHS employees.” But DHS would not, or could not, explain how much personally identifiable information was at risk. But exposed data from “non-DHS employees,” which we assume means private individuals, was significant. They included social security numbers, personal addresses. But guess what’s even more disturbing? All witnesses DHS interviewed between 2002 and 2014 are also at risk. The statement described it as any “personal information provided in interviews” to Inspector General Agents. That’s pretty frightening.
INVESTIGATIONS, WITNESSES AT RISK?
So, again, DHS has said a lot, but explained very little. And, this data breach could mean major damage. Both to individuals and to criminal investigations. So, DHS says the breach compromised data 7 months ago. But it told no one until this week. Why the wait? 240,000 current and former DHS employees’ privacy is at risk. Any interviews from witnesses from 2002-2014 could be “in the wild.” But DHS won’t explain anything about what this may mean. This data breach really could mean damage.
DANGEROUS POTENTIALS MOVING FORWARD
So what happened at DHS? We don’t know and DHS isn’t telling. It remains to be seen what damage will result to those exposed. 240,000 is a lot of current and former staff. Witnesses from a 12 year period means a lot of people. Will this have an impact on active cases? No one is saying. Is the breach related to an ongoing investigation? Again, no one is saying. Is this case-related espionage? Is it a matter of stupidity or simple gross negligence? No one will say. But we can also be sure that DHS won’t say anything publicly if they can help it. Hopefully, if we do learn more, it won’t be a result of something truly awful. But DHS doesn’t say much, to anyone. And when they do talk, we don’t know why they have.