WASHINGTON — A cyberattack similar to previous hacker intrusions from China penetrated computer networks for months at USIS, the government’s leading security clearance contractor, before the company noticed, officials and others familiar with an FBI investigation and related official inquiries said.
The breach compromised the private records of at least 25,000 employees at the Homeland Security Department and cost the company hundreds of millions of dollars in lost government contracts.
In addition to trying to identify the perpetrators and evaluate the scale of the stolen material, the government inquiries have prompted concerns about why computer detection alarms inside the company failed to notice the hackers and whether federal agencies that hired the company should have monitored its practices more closely.
Former employees of the firm, U.S. Investigations Services LLC, also have raised questions about why the company and the government failed to ensure that outdated background reports containing personal data weren’t purged regularly from the company’s computers.
USIS reported the cyberattack to federal authorities June 5, more than two months before acknowledging it publicly.
The attack had hallmarks similar to past intrusions by Chinese hackers, according to people familiar with the investigation. In March, hackers traced to China were reported to have penetrated computers at the Office of Personnel Management, the federal agency that oversees most background investigations of government workers and has contracted extensively with USIS.
For many people, the impact of the U.S. Investigations Services break-in is dwarfed by recent intrusions that exposed credit and private records of millions of customers at JPMorgan Chase & Co., Target Corp. and Home Depot Inc.
But it’s significant because the government relies heavily on contractors to vet U.S. workers in sensitive jobs.
The possibility that national security background investigations are vulnerable to cyber-espionage could undermine the integrity of the verification system used to review more than 5 million government workers and contract employees.
