Software used by the Department of Homeland Security to hold the personal information of thousands of employees has been vulnerable to unauthorized access since 2009, according to a DHS warning.
That's right, software used by DHS between July 2009 and May 2013 to assist with background investigations on candidates for security clearances or law enforcement jobs has had a gaping hole in it that could have given anyone access to its employees' names, Social Security numbers, and dates of birth.
"DHS has determined that other information provided in the SF-86, the standard security questionnaire, was not accessible," reads this DHS announcement.
Still, name, Social Security number, and birthday; can you say identity theft goldmine?
DHS says that while it has "no evidence" of anyone's information being compromised, this week it began alerting employees to the possibility that their personal info may have been accessed, "out of an abundance of caution."
What's the solution DHS offers (besides firing the software vendor and immediately fixing the vulnerability)? Giving employees the numbers of credit reporting agencies so they can see if anyone's been spending under their names. The announcement also says that "DHS is evaluating all legal options and is engaged with the vendor to pursue all available remedies."
So, who specifically at DHS needs to worry about their info having been stolen?
"Employees and contractors who submitted background investigation information, and individuals who received a DHS clearance, between July 2009 and May 2013, primarily for positions at DHS HQ, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE)," states the announcement.
DHS is also reviewing its contracts with other vendors to make sure this isn't a widespread problem.
So, while these guys have been guarding our borders, some software vendor hasn't been guarding their identities. Well done, team. Remember, DHS is supposed to be the lead agency in protecting the United States from cyber-attacks.