A major contractor providing background checks for the Department of Homeland Security (DHS) was hit by a cyberattack, it said on Wednesday, prompting the government to suspend its work with the firm.
U.S. Investigations Services (USIS), the largest supplier of background checks for the government, said in a statement that experts who have examined the hack “believe it has all the markings of a state-sponsored attack,” but did not detail possible suspects.
The FBI has launched an investigation into the issue and USIS is working along with the DHS and other agencies to determine how many people’s information was affected and how to seal up the company’s systems.
DHS spokesman Peter Boogaard said that some agency employees’ information may have been compromised.
He said the department has told all staffers to watch for suspicious activity on their financial accounts “out of an abundance of caution.” Staffers are also being told to watch out for odd requests for personal or financial data and to report anything unusual.
Senate Homeland Security Committee Chairman Tom CarperTom CarperA guide to the committees: Senate Senate advances Trump's Commerce pick Warren: Trump's EPA pick the 'attorney general for Exxon' MORE (D-Del.) said on Thursday that the news was “deeply troubling and underscores the scary reality” of how much information is vulnerable in cyberspace.
The incident should compel lawmakers to act on a bill he introduced with Sen. Tom CoburnTom CoburnCoburn: Trump's tweets aren't presidential The road ahead for America’s highways Rethinking taxation MORE (R-Okla.) to update the government's response to attacks, he said.
“This legislation will enhance federal agencies’ ability to fend off 21st century threats – and as we were reminded today, we cannot afford more delay on this issue,” Carper said in a statement.
As the government tries to assess the scope of the damage, DHS has suspended its work with USIS until it can determine that data it hands over will be kept safe.
“We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network,” USIS said.
“Cybercrime and attacks of this nature have become an epidemic that impacts businesses, government agencies, and financial and educational institutions alike,” it added.
The company has previously come under fire for allegations of fraud, with the Justice Department claiming it performed incomplete background checks for years. USIS has gained notoriety for performing the checks on both government leaker Edward Snowden and Navy Yard shooter Aaron Alexis.