DHS reveals data breach that includes 250,000 staffers and investigation witnesses after 8 months knowledge of incident

More than 250,000 Department of Homeland Security (DHS) employees along with individuals involved in on-going DHS criminal investigations, including witnesses, had their personally identifiable information (PII) compromised in a data breach.

Header DHS reveals incident after 8 months.png

On January 3, 2018, select DHS employees received notification letters that they may have been impacted by a privacy incident related to the DHS Office of Inspector General (OIG) Case Management System.  The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized unauthorized transfer of data.

This privacy incident involved the release of personally identifiable information (PII) contained in the DHS OIG case management system and affects two groups of individuals. The first group consists of approximately 247,167 current and former federal employees that were employed by DHS in 2014 (the “DHS Employee Data”).  The second group is comprised of individuals (i.e., subjects, witnesses, and complainants) associated with DHS OIG investigations from 2002 through 2014 (the “Investigative Data”).

“The PII contained in this database varies for each individual depending on the documentation and evidence collected for a given case. Information contained in this database could include:

Names, Social Security numbers, alien registration numbers, dates of birth, email addresses, phone numbers, addresses, and personal information provided in interviews with DHS OIG investigative agents,

” Kaplan said.

DHS said it took eight months to reveal this news because the data breach was closely associated with an on-going criminal investigation. 


e-End operates a secure facility in Frederick, MD,  specializes in destroying a wide variety of classified data and various controlled devices. This includes destruction of data containing hard drives, destruction of itar controlled devices, it equipment, and tactical military devices. They routinely destroy body armor that has reached the end of its certified period of use.