Another company that conducts background checks for federal agencies reported a massive breach of its computer networks, potentially exposing personally identifiable information on more than 48,000 employees.
KeyPoint Government Solutions – which performs checks for the Office of Personnel Management and the Department of Homeland Security, according to its website – alerted DHS to the breach.
"Recently, the DHS National Cybersecurity and Communications Integration Center became aware of a potential intrusion of a private sector company that conducts U.S. government security background investigations for OPM," DHS spokesman S.Y. Lee confirmed. "Working with OPM and other interagency partners, the NCCIC, per standard procedure, deployed an on-site US-CERT to assess and mitigate any risks identified."
The investigation showed that KeyPoint's network had been compromised but didn't show "conclusive evidence" that sensitive employee information had been exfiltrated, according to OPM spokeswoman Nathaly Arriola.
"Out of an abundance of caution, OPM plans to notify 48,439 individuals whose PII may have been exposed in this incident and it will offer them credit monitoring at no cost," Arriola said. "We take very seriously our responsibility to protect sensitive data in background investigations and our top priority is to make sure the networks that handle that data are secure."
Arriola added that KeyPoint is cooperating with the investigation and is working with OPM to bolster its network security.
A representative from KeyPoint did not immediately return calls for comment.
"US-CERT is helping to address this issue in close collaboration with the Office of Personnel Management and our cybersecurity partners," Lee said. "As we examine the potential impact on DHS employees, we are committed to ensuring the privacy of our workforce and will take all appropriate measures to safeguard it."
Information on some 25,000 DHS employees was exposed in August after a breach at background investigation company USIS, which led to OPM and DHS canceling contracts with the company.
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
