US Homeland Security contractor victim of 'state-sponsored' cyber attack

Information about government employees may have been stolen by hackers

A contractor who performs background checks for the United States Department of Homeland Security (DHS) has admitted it's likely to have lost information about government employees after suffering a data breach in a cyber attack.

The company, US Investigations Services (USIS) - which in the past performed background checks on National Security Agency contractor turned surveillance whistleblower Edward Snowden - said the intrusion into its computer systems "has all the markings of a state-sponsored attack".

As a result of the discovery of the breach, the Department of Homeland Security has suspended all work with USIS and has called in the FBI and US Computer Emergency Readiness Team (US-CERT) to investigate.

A "multi-agency cyber response team is working with the company to identify the scope of the intrusion," DHS spokesman Peter Boogaard said in a statement about the incident.

The Department of Homeland Security has also warned its employees to keep a close eye on their personal accounts, in order to establish if information stolen from USIS is being used to steal funds.

"At this time, our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce, out of an abundance of caution, to advise them to monitor their financial accounts for suspicious activity," Boogaard said.

"We are committed to ensuring our employees' privacy and are taking steps to protect it," he added.

However, while the Department of Homeland Security encrypts the information it sends to USIS - the largest provider of background investigations for potential federal government employees - it's unclear if that information remains encrypted once it reaches the Falls Church, Virginia-based contractor.

Meanwhile, elsewhere in the US government, BlackBerry's Secure Work Space multi-platform management tool for iOS and Android has received Security Technical Implementation Guide (STIG) approval for use within the Department of Defense.

"The STIG approval for Secure Work Space for iOS and Android is another validation that enterprises and government agencies can rely on BlackBerry Enterprise Service 10 for secure mobility, no matter which devices they have in the field," said John Sims, president of global enterprise services at BlackBerry.

Sims recently told Computing that despite its ongoing reinvention as a dedicated enterprise mobile security company, BlackBerry will continue to focus on hardware.

I think [company CEO] John Chen said very clearly in the strategy that the hardware market does remain a focus within BlackBerry," he said.