The US government's leading security clearance contractor has been the victim of a cyber attack that took months to even be noticed, according to recent reports. USIS, which specialises in "providing information and security services to government agencies and commercial enterprises", has come under fire for failing to spot the potentially harmful infiltration into its computer systems.
The breach, which was first revealed by the company and government agencies in August, is said to have compromised the personal records of at least 25,000 employees at the Homeland Security Department, and is reported to have cost the company hundreds of millions of dollars in lost government contracts.
As well as raising the usual questions about who was behind the hack and why, the recent compromise has raised concerns about why the company's internal security systems failed to identify and prevent the attack earlier.
Many commentators have also questioned why the company and the government failed to ensure that outdated background reports containing personal data weren't regularly deleted from the company's computers.
An analysis of the company's computer forensics by consultants hired by USIS's lawyers defended the company's handling of the breach, arguing that it was the firm that reported the incident in the first place, something which they clearly think deserves some kind of kudos. According to reports, though, USIS reported the cyber attack to federal authorities on June 5, more than two months before acknowledging it publicly. The analysis said government agencies regularly reviewed and approved the firm's early warning system.
Joseph Demarest, assistant director of the FBI's cyber division, described the hack against USIS as "sophisticated" but said "we're still working through that as well." He added, "There is some attribution" as to who was responsible, but no word yet on who they think was behind it. Stay tuned and we'll update this story as more news comes out.
Earlier this month hackers apparently breached computer systems at the White House.
White House authorities say they have taken steps to address suspicious activity detected on the network, which is part of the unclassified portion of US government networks, but White House computer systems were down for hours.
What do you think? Should USIS be commended for reporting the breach in a timely manner, or were their systems just not up to scratch in the first place? Let us know what you think in the comments section below, or stop by for a chat with the ITProPortal team and other readers on ITProPortal's tech talk live chat.