The Department of Homeland Security issued a warning to its employees this week, saying it was alerted to a vendor vulnerability that could have exposed Social Security numbers.
The vendor, which DHS does not name in its alert, handles background check information. It supports the investigation process and stores personally identifiable information collected during a background check. The vulnerability could have exposed names, Social Security numbers, dates of birth, and other personally identifiable information, which goes beyond the “username and password” you usually see in breach notifications. This, however, did not involve an actual breach. The department says it has found no evidence that a breach took place, only that the vulnerability existed.
The vulnerability affects both DHS employees and anyone who was given DHS clearance. The department is attempting to reach out to anyone it believes could have been affected by the vulnerability, which dates back to July 2009.
Once the issue was found, the vendor was ordered to stop all work and fix the security hole immediately. The Department of Homeland Security may take legal action and is “engaged with the vendor’s leadership to pursue all costs incurred mitigating the damages.”
DHS suggests that anyone whose information was at risk should contact credit reporting agencies to have their credit reports monitored for suspicious activity.
via ThreatPost