Chinese hackers roamed around unnoticed for months inside the networks of U.S. Investigations Services (USIS), the government’s main security clearance contractor, according to an Associated Press report.
Lawmakers have been pushing for answers about the breach, which exposed the records of at least 25,000 Department of Homeland Security (DHS) employees. USIS said in August that the incident had “all the markings of a state-sponsored attack.”
Characteristics of the intrusion mirrored a previous breach at the Office of Personnel Management (OPM) in March, when Chinese hackers went after the files on tens of thousands of employees with top-secret clearances.
The security checking company had already been a focal point of controversy.
In January, the Department of Justice alleged it took shortcuts on 40 percent of its background checks, roughly 665,000 in total. USIS blamed any malfeasance on "a small number of employees," and pointed to changed leadership and enhanced oversight in response to the allegations.
Regardless, the company received a contract over the summer with the U.S. Citizenship and Immigration Services worth up to $190 million dollars, outraging lawmakers. The Government Accountability Office later ruled the government should reconsider the contract.
After the recent breach, the chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee pressed the DHS for details about USIS’s compromised records.
The incident “raises many questions about the safeguards contractors are taking to protect against cyber intrusions, as well as the oversight provided by the contracting agency,” said Sens. Tom CarperTom CarperOvernight Finance: Trump takes victory lap at Carrier plant | House passes 'too big to fail' revamp | Trump econ team takes shape Warren calls for probe of Trump hotel conflicts of interest Dem: Trump must ensure business deals don't violate Constitution MORE (D-Del.) and Tom CoburnTom CoburnWill Trump back women’s museum? Don't roll back ban on earmarks Ryan calls out GOP in anti-poverty fight MORE (R-Okla.).
The two requested answers by Oct. 16. Neither office immediately responded to questions about what information they had received.
Carper is behind a bill that would set stricter guidelines for government agency information security policies.
The FBI has not officially confirmed the AP report, only acknowledging “there is some attribution” without specifying exactly who was responsible.
This story was updated at 8:02 p.m.