At the beginning of August, the Department of Homeland Security (DHS) announced that the contractor that performs background checks on DHS employees had been hacked. The hackers had stolen employee records, but the details hadn't been released.
Now we know that at least 25,000 DHS employee records have been stolen, possibly by a state-sponsored hacker. An anonymous DHA official said that employees would be notified if their records were compromised and would be encouraged to monitor their financial accounts.
The United States Investigations Services (USIS) is the largest contractor with the federal government that provides background checks. The attack detected in August comes after an attack on the U.S. Office of Personnel Management in March by Chinese hackers.
So far, the U.S. Computer Emergency Response Team (US-CERT), the FBI and other federal authorities are investigating the breach and USIS itself. USIS was already in hot water with Congress to begin with, since it was the company responsible for clearing Edward Snowden and Aron Alexis - the man who went on a shooting rampage in a Washington, D.C., Navy Yard last year.
USIS was also accused by a whistleblower of "dumping" personnel files - meaning that they marked a case as "cleared" when only a partial check was completed. The total number of cases alleged is around 600,000 personnel files.