Security contractor breach not detected for months
WASHINGTON — A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government’s leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries said.
The breach, revealed by the company and government agencies in August, compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.
In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why computer detection alarms inside the company failed to quickly notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.
Former employees of the firm, U.S. Investigations Services LLC, have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data weren’t regularly purged from the company’s computers.
A computer forensics analysis by consultants hired by the company’s lawyers defended USIS’ handling of the breach, noting it was the firm that reported the incident.
The analysis said government agencies regularly reviewed and approved the firm’s early warning system. In the analysis, submitted to federal officials in September and obtained by the AP, the consultants criticized the government’s decision in August to indefinitely halt the firm’s background investigations.
The attack had hallmarks similar to past intrusions by Chinese hackers, according to people familiar with the investigation. In March, hackers traced to China were reported to have penetrated computers at the Office of Personnel Management, the federal agency that oversees most background investigations of government workers and has contracted extensively with USIS.