US Homeland Security breach compromised personal info of 200,000+ staff

More than 240,000 current and former employees of the US Department of Homeland Security have had their personal details exposed in a data breach. In what it describes somewhat euphemistically as a “privacy incident”, the DHS said the breach could also affect anyone who was part of an investigation by the DHS Office of …

  1. Sherminator
    FAIL

    Well that's embarrassing...

    I wonder who they will find to extradite to the US for this one?

    Some inward looking reflective thinking required all round at DHS then!

    1. Anonymous Coward
      Anonymous Coward

      'I wonder who they will find to extradite to the US for this one?'

      https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

      Themselves? Little stay in Gitmo anyone? But hey, no big deal, they probably already leaked everyone's details already here:

      https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

      Plus, this fixes everything right?.. "performing a 360-degree review"... Sounds like they'll be chasing their own tails. Either way, "in a bid to reassure people" when it happens again, this must be a comfort to anyone not already leaked by Equifux:

      "It added that anyone potentially affected was being offered 18 months of free credit monitoring and identity protection services."

      1. John Brown (no body) Silver badge

        Re: 'I wonder who they will find to extradite to the US for this one?'

        "Plus, this fixes everything right?.. "performing a 360-degree review"... Sounds like they'll be chasing their own tails."

        Nice, chasing their own tails doing a full circle. Whenever I see that 360 degree thing, I always wonder why they ignore the vertical axis. Looking around is ok, but you also need to look up and down. But I'll be snagging your chasing tails reference for later use :-)

        1. not.known@this.address
          Black Helicopters

          Re: 'I wonder who they will find to extradite to the US for this one?'

          The people who bear ultimate responsibility for most of these incidents tend to be several paygrades above the people who do the dirty deed - hence looking at the culprit and others at the same level but quietly ignoring the decisions that allowed the problem to occur in the first place...

  2. Alister

    It is to be hoped they don't run a witness protection programme...

  3. nuked

    Eh?

    So the list included witnesses and complainants, and the purpose is not thought to be the theft of personal information? Well I'm sure a subscription to credit agencies will be a comfort to those exposed.

  4. Zippy's Sausage Factory
    Meh

    Sounds like a former developer had made a home office copy (probably for overtime / out of hours support purposes) and forgot to delete it when they left. Seems to me to be more in the "oops, no foul intended" category than the "EVERYONE IS DOXXED AND THE SKY IS FALLING IN OMG!!1!" category.

    1. Anonymous Coward
      Anonymous Coward

      Well, except that this was discovered as part of a criminal investigation...

      1. Zippy's Sausage Factory

        True. Something can be criminal when done with the best of intentions. And something truly evil can be perfectly lawful, of course.

        I was (somewhat ham-fistedly) trying to suggest that this looked, to my eyes, more like it might be someone trying to be helpful rather than someone trying to make a fast buck on the side.

        No doubt we'll hear more when the unlucky dev/would-be darknet kingpin* gets 20 years.

        * delete as applicable.

      2. not.known@this.address
        Big Brother

        Chicken, meet Egg.

        Which came first, the discovery or the investigation?

        As I read it, the "criminal investigation" used as an excuse not to tell everyone they might be in trouble earlier was the desperate scrabbling to find out what he'd done with his copy of the database and how he'd got it rather than something else being investigated and someone noticing this person getting up to mischief.

    2. Doctor Syntax Silver badge

      Seems to me to be more in the "oops, no foul intended"

      Except then when it was taken out of the office it wouldn't be subject to the strict and rigorous protection against unauthorised access and copying it would have had in the office. Or something like that.

  5. Anonymous Coward
    Anonymous Coward

    "It added that anyone potentially affected was being offered 18 months of free credit monitoring and identity protection services."

    Equifax by any chance?

    1. FozzyBear

      damn beat to it.

  6. Tom 38

    it affects an undefined number of people that were under investigation by the office between 2002 and 2014 - this could be subjects, witnesses and complainants, and is not limited to DHS employees.

    [..]

    anyone potentially affected was being offered 18 months of free credit monitoring and identity protection services.

    So free credit monitoring for everyone, right? If they can't tell who is affected, anyone is potentially affected.

  7. Pascal Monett Silver badge
    Trollface

    Thank God for Homeland Security

    I mean, it has Security right in the name, right?

    Seems like the Paranoid Department isn't paranoid enough. Of course, it's tiring to be paranoid all the time, especially when it's your 9 to 5 day job. Seems that some of these guys are just in it for the paycheck now.

    1. Teiwaz

      Re: Thank God for Homeland Security

      Insecurity, more like.

      Plenty paranoid, but just not paranoid enough when it comes to the dull day to day info-sec.

      Just not exciting enough for the gizzards and danglies of the everyday employee of the institution to be safely kept out of the bite of sharks then?

  8. adam payne

    In addition, it said it would be “performing a 360-degree review of DHS OIG’s development practices related to the case management system”.

    What? You are going to run around in circles?

    1. DNTP

      360 degrees of review

      And end up right back where they started: dedicated to Theatrical Security.

    2. Mark 85

      Need to add: ... screaming and waving arms.

    3. Captain DaFt

      In addition, it said it would be “performing a 360-degree review of DHS OIG’s development practices related to the case management system”.

      What? You are going to run around in circles?

      SOP: everyone stands in a circle, points to the left and says, "He did it!" when asked until the investigator gets back to the first one, stamps the case "Investigated" and everyone goes back to doing what they were doing, nothing changed.

  9. Christoph

    "That information could include name, social security number, address, phone number and date of birth."

    And the entire contents of your smartphone, that they copied off when you went through immigration.

  10. John Smith 19 Gold badge
    WTF?

    Screw "the system," they took the whole f**king database with them it sounds like.

    240 000 names and all the details of their ongoing investigations.

    What's that? GB? TB?

    And Sys Admins did not notice someone copying "The-database-that's-not-meant-to-be-copied?"

    F**kwits.

    BTW this being HS will that include any foreign passenger data as well? Probably but this being the US they will follow the f**kem-they're-furriners rule.*

    *As opposed to the f**kem-they're-not-furriners rule the NSA has been using for letting the FBI query its massive data slurp.

  11. Alistair
    Windows

    This *sounds* like a "What the hell do you mean there were no backups run yet? -- This is a full rev level update to the MoFo DB software!!!!" moment. I've shot down weekend outage updates for this sort of crap *just* to make sure there were no DBA's wandering around with "Oh shit" copies.

    But then again it could be a DBA having to fix some screwed up query taking a copy home so he "could play with it offline over the weekend". (Just what the #@$%@# do you think that dev and qa environment is for you #@$%????)

    (Hmm I seem down a coffee or six. Back in a bit)

  12. handleoclast

    Hahahahahahahahahahahahahahahaha

  13. a_yank_lurker

    Feral Incompetence - Deja Vu Department

    Didn't OPM (Office Personnel Mismanagement) have a breach like this a few years ago? It seems as if the average feral incompetent is incapable of learning.

  14. sloshnmosh

    Microsoft Office

    Look for the employee with the pirated MS Office 360 key generator.

  15. Dr U Mour

    Do they mean me?

    "if you were associated with a DHS OIG investigation from 2002 through 2014, you may contact AllClear ID at (855) 260-2767 for information on credit monitoring and identity protections services. "

    Well, were you? Are you going to phone to find out?

  16. Anonymous Coward
    Anonymous Coward

    Digital revenge

    No one is safe anywhere from digital revenge, hacking or other digital crimes. Authorities don't have a snowball's chance in Hell of improving security and reducing digital crime because authorities are outnumbered 10,000 to 1 and the crim population is increasing exponentially by the week.

    1. Intractable Potsherd

      Re: Digital revenge

      "...the crim population is increasing exponentially by the week."

      Citation needed.
