Report: Chinese hacked security contractor

Chinese hackers roamed around unnoticed for months inside the networks of U.S. Investigations Services (USIS), the government’s main security clearance contractor, according to an Associated Press report.  

Lawmakers have been pushing for answers about the breach, which exposed the records of at least 25,000 Department of Homeland Security (DHS) employees. USIS said in August that the incident had “all the markings of a state-sponsored attack.”

Characteristics of the intrusion mirrored a previous breach at the Office of Personnel Management (OPM) in March, when Chinese hackers went after the files on tens of thousands of employees with top-secret clearances.

After the USIS breach was made public in August, the OPM said it would not renew its contracts with the company, worth roughly $320 million. USIS later laid off its 2,500 investigators.

The security checking company had already been a focal point of controversy. 

In January, the Department of Justice alleged it took shortcuts on 40 percent of its background checks, roughly 665,000 in total. USIS blamed any malfeasance on "a small number of employees," and pointed to changed leadership and enhanced oversight in response to the allegations.

Regardless, the company received a contract over the summer with the U.S. Citizenship and Immigration Services worth up to $190 million dollars, outraging lawmakers. The Government Accountability Office later ruled the government should reconsider the contract.  

After the recent breach, the chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee pressed the DHS for details about USIS’s compromised records.

The incident “raises many questions about the safeguards contractors are taking to protect against cyber intrusions, as well as the oversight provided by the contracting agency,” said Sens. Tom CarperThomas (Tom) Richard CarperOvernight Energy: Inhofe defends Pruitt after criticisms | Agency releases study on water contaminant | Trump rescinds Obama ocean policy Dems press EPA nominees on ethics, climate Overnight Energy: Senate panel sets Pruitt hearing | Colorado joins California with tougher emissions rules | Court sides with Trump on coal leasing program MORE (D-Del.) and Tom CoburnThomas (Tom) Allen CoburnMr. President, let markets help save Medicare Pension insolvency crisis only grows as Congress sits on its hands Paul Ryan should realize that federal earmarks are the currency of cronyism MORE (R-Okla.).

The two requested answers by Oct. 16. Neither office immediately responded to questions about what information they had received.

Carper is behind a bill that would set stricter guidelines for government agency information security policies.

The FBI has not officially confirmed the AP report, only acknowledging “there is some attribution” without specifying exactly who was responsible.

This story was updated at 8:02 p.m.