A software flaw left DHS employees’ personal info vulnerable to thieves since 2009

Software used by the Department of Homeland Security to hold the personal information of thousands of employees has been vulnerable to unauthorized access since 2009, according to a DHS warning. That’s right, software used by DHS between July 2009 and May 2013 to assist with background investigations on candidates for security clearances or law enforcement ...

Getty Images
Getty Images
Getty Images

Software used by the Department of Homeland Security to hold the personal information of thousands of employees has been vulnerable to unauthorized access since 2009, according to a DHS warning.

That's right, software used by DHS between July 2009 and May 2013 to assist with background investigations on candidates for security clearances or law enforcement jobs has had a gaping hole in it that could have given anyone access to its employees' names, Social Security numbers, and dates of birth.

"DHS has determined that other information provided in the SF-86, the standard security questionnaire, was not accessible," reads this DHS announcement

Software used by the Department of Homeland Security to hold the personal information of thousands of employees has been vulnerable to unauthorized access since 2009, according to a DHS warning.

That’s right, software used by DHS between July 2009 and May 2013 to assist with background investigations on candidates for security clearances or law enforcement jobs has had a gaping hole in it that could have given anyone access to its employees’ names, Social Security numbers, and dates of birth.

"DHS has determined that other information provided in the SF-86, the standard security questionnaire, was not accessible," reads this DHS announcement

Still, name, Social Security number, and birthday; can you say identity theft goldmine?

DHS says that while it has "no evidence" of anyone’s information being compromised, this week it began alerting employees to the possibility that their personal info may have been accessed, "out of an abundance of caution."

What’s the solution DHS offers (besides firing the software vendor and immediately fixing the vulnerability)? Giving employees the numbers of credit reporting agencies so they can see if anyone’s been spending under their names. The announcement also says that "DHS is evaluating all legal options and is engaged with the vendor to pursue all available remedies."

So, who specifically at DHS needs to worry about their info having been stolen?

"Employees and contractors who submitted background investigation information, and individuals who received a DHS clearance, between July 2009 and May 2013, primarily for positions at DHS HQ, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE)," states the announcement.

DHS is also reviewing its contracts with other vendors to make sure this isn’t a widespread problem.

So, while these guys have been guarding our borders, some software vendor hasn’t been guarding their identities. Well done, team. Remember, DHS is supposed to be the lead agency in protecting the United States from cyber-attacks.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.
A Panzerhaubitze 2000 tank howitzer fires during a mission in Ukraine’s Donetsk region.

Lessons for the Next War

Twelve experts weigh in on how to prevent, deter, and—if necessary—fight the next conflict.

An illustration showing a torn Russian flag and Russian President Vladimir Putin.
An illustration showing a torn Russian flag and Russian President Vladimir Putin.

It’s High Time to Prepare for Russia’s Collapse

Not planning for the possibility of disintegration betrays a dangerous lack of imagination.

An unexploded tail section of a cluster bomb is seen in Ukraine.
An unexploded tail section of a cluster bomb is seen in Ukraine.

Turkey Is Sending Cold War-Era Cluster Bombs to Ukraine

The artillery-fired cluster munitions could be lethal to Russian troops—and Ukrainian civilians.

A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol  January 8, 2009 in Washington.
A joint session of Congress meets to count the Electoral College vote from the 2008 presidential election the House Chamber in the U.S. Capitol January 8, 2009 in Washington.

Congrats, You’re a Member of Congress. Now Listen Up.

Some brief foreign-policy advice for the newest members of the U.S. legislature.