Department of Homeland Security Data Breach (2018)

The US DHS Office of Inspector General (OIG) has confirmed that the “privacy incident” discovered in May 2017 resulted in the theft of personally identifiable information of DHS employees and individuals associated with investigations. The incident was the result of an attempted inside job by three DHS OIG employees who, according to the New York Times, stole the OIG’s computer system with the plan to “modify the proprietary software for managing investigative and disciplinary cases, so that they could market and sell it to other inspector general offices across the federal government.” All in all, data on approximately 247,167 current and former DHS employees, as well as of an unspecified number of subjects, witnesses, and complainants associated with DHS OIG investigations from 2002 through 2014, was found on the home computer server of one of the three insiders. The data included: Names, Social Security numbers, dates of birth, positions, grades, and duty stations of the employees, and Names, Social Security numbers, alien registration numbers, dates of birth, email addresses, phone numbers, and addresses of individuals associated with investigations, as well as any personal information they provided in interviews with DHS OIG investigative agents. According to the OIG, “the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized unauthorized transfer of data.”