A software flaw left DHS employees’ personal info vulnerable to thieves since 2009
Software used by the Department of Homeland Security to hold the personal information of thousands of employees has been vulnerable to unauthorized access since 2009, according to a DHS warning.
That’s right, software used by DHS between July 2009 and May 2013 to assist with background investigations on candidates for security clearances or law enforcement jobs has had a gaping hole in it that could have given anyone access to its employees’ names, Social Security numbers, and dates of birth.
"DHS has determined that other information provided in the SF-86, the standard security questionnaire, was not accessible," reads this DHS announcement.
Still, name, Social Security number, and birthday; can you say identity theft goldmine?
DHS says that while it has "no evidence" of anyone’s information being compromised, this week it began alerting employees to the possibility that their personal info may have been accessed, "out of an abundance of caution."
What’s the solution DHS offers (besides firing the software vendor and immediately fixing the vulnerability)? Giving employees the numbers of credit reporting agencies so they can see if anyone’s been spending under their names. The announcement also says that "DHS is evaluating all legal options and is engaged with the vendor to pursue all available remedies."
So, who specifically at DHS needs to worry about their info having been stolen?
"Employees and contractors who submitted background investigation information, and individuals who received a DHS clearance, between July 2009 and May 2013, primarily for positions at DHS HQ, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE)," states the announcement.
DHS is also reviewing its contracts with other vendors to make sure this isn’t a widespread problem.
So, while these guys have been guarding our borders, some software vendor hasn’t been guarding their identities. Well done, team. Remember, DHS is supposed to be the lead agency in protecting the United States from cyber-attacks.
John Reed is a former national security reporter for Foreign Policy.