Personal Security - Advice: DHS Employee Personally Identifiable Information (PII)

 

 From: bordercop Sent: Wednesday, August 20, 2014 Subject:  Possible Compromise of DHS Employee Personally Identifiable Information (PII)

 

From: DHS Employee Communications
Sent: Wednesday, August 06, 2014 2:33 PM
Subject: Possible Compromise of DHS Employee Personally Identifiable Information (PII)

 

August 6, 2014

Possible Compromise of DHS Employee Personally Identifiable Information (PII)

The Department of Homeland Security (DHS) has learned of a cybersecurity intrusion of a private contractor used by DHS and other federal agencies to conduct security clearance investigations and suitability investigations. The contractor recently informed the Department of a vulnerability that existed in the contractor's system used to process personnel security investigations. The system gathers and stores information including sensitive personally identifiable information (PII) related to security clearance or suitability background investigations.

A multi-agency response team is working with the contractor to assess the full extent of the vulnerability. As a result of this vulnerability, the contractor's network and PII stored on it was potentially accessible to unauthorized users.    In order to lessen the impact of any compromise of data, DHS has stopped providing sensitive information to the contractor and temporarily suspended all background investigations that the contractor is currently conducting.  The contractor is cooperating with this effort.  Out of an abundance of caution, however, we are notifying you of the possibility that personally identifiable information about current and/or former federal employees could be at risk. When we verify specific cases where PII was compromised, we will take additional steps to inform the individuals affected as soon as possible.

The Department takes seriously its responsibility to safeguard personal information, and will continue to aggressively investigate and work with the contractor to remediate this vulnerability.  We are pursuing every avenue available to ensure that the contractor mitigates the potential effects resulting from this incident and to prevent another incident from occurring in the future.

DHS Personnel can protect themselves by taking some precautionary steps:

Security Tips for Protecting Privacy

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Don't send sensitive information over the Internet before checking a website's security (see Protecting Your Privacy for more information).
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
• Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).
• Take advantage of any anti-phishing features offered by your email client and web browser.
• For more information, visit http://www.us-cert.gov/ncas/tips.

Requesting Fraud Alerts or Credit Reports:

1.      To request a fraud alert to let potential creditors know to contact you before opening a new account in your name, please contact one of the credit rating agencies at the below listed numbers. The agency you contact will provide the information to the other agencies.

·         Equifax:  (800) 525-6285

·            Experian:  (888) 397-3742

·         TransUnion: (800) 680-7289

2.      You are entitled to a free copy of your credit report, once every 12 months.  For information on how to obtain your report, visit www.annualcreditreport.com or call 1-877-322-8228.

3.      When you receive your credit report, review the personal information for accuracy, and examine each report carefully for accounts that you did not open or for inquiries from creditors that you did not initiate.  If you see anything that is inaccurate or that you do not recognize, immediately call the credit rating agency and promptly report suspicious activity to your local police department and the Federal Trade Commission (www.ftc.gov).

 

---

I am using the Free version of SPAMfighter.
SPAMfighter has removed 20122 of my spam emails to date.

Do you have a slow PC? Try a free scan!

---

This email is free from viruses and malware because avast! Antivirus protection is active.