Slashdot Mirror


Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer (usatoday.com)

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.

59 comments

  1. TSA I hope by Anonymous Coward · · Score: 0

    that would be karma.

    1. Re:TSA I hope by Mr+D+from+63 · · Score: 2

      They used to publish big books with people's names, addresses, and phone numbers. They were distributed to criminals for free. And most people wanted to be in it.

      Times have changed.

    2. Re:TSA I hope by Hal_Porter · · Score: 5, Insightful

      The TSA allowed a reporter to photograph the master keys for those stupid TSA locks.

      https://www.wired.com/2015/09/...

      With the result that now anyone anywhere in the world can open your luggage, take stuff out and reseal it.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re:TSA I hope by DontBeAMoran · · Score: 3, Interesting

      This is the perfect example to use against the idiots who want backdoors in operating systems, smartphones, tablets and computers.

      --
      #DeleteFacebook
    4. Re:TSA I hope by Anonymous Coward · · Score: 0

      You even had to PAY to not be listed in those books. However, those books never had your SSN.

    5. Re:TSA I hope by Anonymous Coward · · Score: 0

      Yeah those didn't have social security numbers you fucking irresponsibly boring moron.

    6. Re:TSA I hope by Anonymous Coward · · Score: 3, Insightful

      This is the perfect example to use against the idiots who want backdoors in operating systems, smartphones, tablets and computers.

      The problem is the assholes and idiots who want backdoors to all forms of security are one of two flavors:

      1) The idiots who can't be educated on the technology and think mathematics is subject to laws written by people
      2) The assholes who don't care if they break security for everyone as long as they can expediently get access to any and all data

      Neither of these groups gives a fuck ... they want security, at any cost, and if the security of the state breaks security for everybody, or if this weakened security encroaches on other freedoms, they simply don't care.

      For them, you have nothing to fear if you have nothing to hide makes perfect sense. And they're utterly incapable of understanding said back holes would weaken banking, the security of the networks they're trying to protect, and pretty much everything else.

      Make no mistake about it, the nascent fascists who think it should be illegal to have secrets from the government simply don't give a fuck about the consequences of that.

      Unless of course it happens to be their own bullshit they do when nobody is looking. Then somehow they realize their freedom to fuck their secretary (or some guy in an airport bathroom) derives from a degree of privacy and secrecy they believe to be situational.

      Look at law enforcement or law makers. What they want is the ability to open anybody's phone, computer, network connection ... any time they want ... without any oversight. Because law enforcement tends to be assholes and fascists who don't know or care about the law.

      It's taken about 20 years for Americans to go from understanding "papers please, comrade" as a warning against state encroachment on your rights, to actively championing the sentiment. In fact, 16 years, two months, and a bit.

      And sadly, Americans have become all too willing to trade their liberties for the illusion of security. The problem is they're very willing to trade other people's liberty first.

    7. Re:TSA I hope by AutodidactLabrat · · Score: 1

      Cheer up.
      The majority, by 2.86 million, do NOT agree with endless police state tactics and "rough him up" declarations by the "messiah" of the moment

    8. Re:TSA I hope by Anonymous Coward · · Score: 1

      Except that the Hillary Supporters are the ones that actively believe that the state should access all of your secrets. These are the same clowns that supported and applauded Obama's extension of the GB secret courts and data mining. They also supported having the FBI access iPhones whenever they want "to protect from terrorists" and "think of the children".

      Nice try though.

    9. Re:TSA I hope by Anonymous Coward · · Score: 0

      Generally only one name per address, not everyone who lived there. And no SSN or birthdates.

      twit.

    10. Re:TSA I hope by Anonymous Coward · · Score: 0

      With the result that now anyone anywhere in the world can open your luggage, take stuff out and reseal it.

      Given that a huge number of people use zipper-closed suitcases, any idiot with a Bic pen can already open most luggage, take stuff out and reseal it, no golden keys required.

      (Have you tried finding luggage that isn't zipper-closed? Good luck with that.)

    11. Re:TSA I hope by TheCarp · · Score: 2

      Incorrect.

      The master key of these locks is not like a cryptographic key; it conveys no security at all. Since locks with the same master key are easily purchased, the shape of the master key is trivial to reverse engineer anyway.

      Nothing was revealed by that photograph. Anyone who wanted a copy of that key could always have made one.

      Bottom line: any mass market lock with a master key is fake security. TSA is endangering the public by even mandating one. This employee did nothing wrong except work for the TSA.

      --
      "I opened my eyes, and everything went dark again"
    12. Re:TSA I hope by burtosis · · Score: 1

      Maybe not the best example as described because with a few TSA approved locks you could likely reverse engineer the key with high accuracy, no need for an errant photograph. It would be like a backdoor in your encryption where you were led to believe you are secure but whose key was half ass hashed and sent in plaintext everywhere. Then again, on second thought, maybe this is indeed the perfect example.

    13. Re:TSA I hope by Anonymous Coward · · Score: 0

      This is the perfect example to use against the idiots who want backdoors in operating systems, smartphones, tablets and computers.

      And the idiots who want to put this same government in charge of health care.

      This government can't even run simple airport security, yet you want to put it in charge of everyone's healthcare?!?!?!

    14. Re: TSA I hope by dougdonovan · · Score: 1

      $$$ talks.

    15. Re:TSA I hope by Anonymous Coward · · Score: 0

      Or put stuff in. I can't think of a better way to move product from A to B than inside the luggage of chump C. All you need is to buy off one baggage handler, security agents or other underpaid overworked easy mark at each end that have access to post-security theatre luggage, and you've got a foolproof way of getting whatever from one point to another.

      If your man at the destination flubs the pickup, you're down a shipment, but nobody that can finger you is implicated. The chump might end up in some third world hellhole for a few years, but who cares? Their protests of innocence will sound just as inauthentic as all the mules who were in on it, and you don't even have to pay air freight prices.

    16. Re:TSA I hope by Hal_Porter · · Score: 1

      Yeah, that's a very worrying possibility. Hell, in places like Russia or China I wouldn't put it past them to plant stuff in your baggage and then use that to detain you until you pay them off.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    17. Re: TSA I hope by houghi · · Score: 1

      When I travel, I do not use locks. I use zip ties. I know that suitcase locks are useless. I just want to know if they opened it. Unlikely they go to the trouble of finding a similar zip tie without wasting time.
      If they are thieves, they either do not care or take the next to stay unnoticed. If they are the TSA they rather put a note in it that it has been searched and be careful they can not be blamed for theft.

      --
      Don't fight for your country, if your country does not fight for you.
    18. Re:TSA I hope by Anonymous Coward · · Score: 0

      Nothing was revealed by that photograph. Anyone who wanted a copy of that key could always have made one.

      News flash: Most physical locks can be bypassed. The amount of "security" they add depends on the amount of work necessary to bypass them and having to make a master key based on a lock is quite a bit harder than just printing it out.

    19. Re: TSA I hope by Anonymous Coward · · Score: 0

      I just want to know if they opened it. Unlikely they go to the trouble of finding a similar zip tie without wasting time.

      Most locked suitcases can be opened and closed without leaving a sign. The zipper is a weakness.

  2. Very alarming by FFOMelchior · · Score: 2

    There are (at least) 246,000 DHS employees?

    1. Re:Very alarming by Anonymous Coward · · Score: 0

      There are (at least) 246,000 DHS employees?

      is it really alarming that a country requires less than 0.1% of its citizens for security?

    2. Re:Very alarming by Anonymous Coward · · Score: 0

      Someone needs to break this down. My understanding is the Coast Guard is under DHS, but that would only account for around 30,000 at most. Is the 246K figure correct? How could that be?

    3. Re:Very alarming by Anonymous Coward · · Score: 0

      Alarming how? Washington state, with a population of about 7.2 million people has approximately 500,000 government employees. DHS having just 246,000 for a nation with 330+ million people is not very many people at all.

    4. Re:Very alarming by lazarus · · Score: 2

      $12.3 billion in salary alone if the average is $50k full-loaded. I suspect the number is probably closer to $80k and the total would be $19.7 billion. I can't imagine what the total budget would have to be to protect the US's borders, but it is obviously an outrageous amount.

      --
      I am not interested in articles about life extension advancements.
    5. Re:Very alarming by nospam007 · · Score: 1

      " I can't imagine what the total budget would have to be to protect the US's borders, but it is obviously an outrageous amount."

      Indeed, from WP:

      Employees 229,000 (2017) [1]
      Annual budget $40.6 billion (2017)[2]
      Agency executives

              Elaine Duke, Acting Secretary
              Claire Grady, Senior Official performing the duties of Deputy Secretary

      Child agencies

              United States Citizenship and Immigration Services
              U.S. Customs and Border Protection
              Federal Emergency Management Agency
              U.S. Immigration and Customs Enforcement
              Transportation Security Administration
              United States Coast Guard
              National Protection and Programs Directorate
              United States Secret Service
              Federal Law Enforcement Training Center
              Citizenship & Immigration Services Ombudsmen
              Domestic Nuclear Detection Office
              Management Directorate
              Office for Civil Rights & Civil Liberties
              Office of General Counsel
              Office of Health Affairs
              Office of Intelligence & Analysis
              Office of Legislative Affairs
              Office of Operations Coordination
              Office of Partnership & Engagement
              Office of Policy
              Office of Public Affairs
              Office of the Inspector General
              Privacy Office
              Science & Technology Directorate

  3. Glad to see same typical response we always get by Anonymous Coward · · Score: 1

    "oops, our bad, here's your free 18 months of credit monitoring"

    No one goes to jail, no one gets sued back to the stone ages. Providing free credit monitoring every couple of years is just the new cost of doing business. It's way cheaper than actually securing stuff.

    1. Re:Glad to see same typical response we always get by Anonymous Coward · · Score: 0

      "It's way cheaper than actually securing stuff."

      With the added benefit that most likely your new victims are already being monitored because of a prior breach.

      Soon we'll have universal credit monitoring -- then the credit monitoring company will be hacked -- oops, forgot we already had that...

      Nevermind ;)

  4. Last name Clinton. by Zorro · · Score: 1

    So, no charges, wasn't even a crime claims the TSA.

    1. Re:Last name Clinton. by Anonymous Coward · · Score: 0

      So, no charges, wasn't even a crime claims the TSA.

      In other news, swamp not drained, nor wall built. Yawn.

    2. Re:Last name Clinton. by Camel+Pilot · · Score: 1

      Who are in charge of the DHS in May 2017? Hmmmmm?

    3. Re:Last name Clinton. by DickBreath · · Score: 1

      It's not a crime. It's an, uh . . . it's an off site backup! That's what it is!

      --

      I'll see your senator, and I'll raise you two judges.
    4. Re:Last name Clinton. by Anonymous Coward · · Score: 1

      Who are in charge of the DHS in May 2017? Hmmmmm?

      That was when the data was FOUND.

      From TFS:

      Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.

      Given that the data only includes DHS employees through the end of 2014, do you have the balls to comment on who was in charge THEN?

      I'm guessing no.

    5. Re: Last name Clinton. by Anonymous Coward · · Score: 0

      It's sexist to ask if someone "has the balls" for a task. Please stop perpetuating and normalizing blatant societal sexism.

    6. Re:Last name Clinton. by Anonymous Coward · · Score: 0

      In still other news, Congress continues to be obstructionist in order to keep themselves "in power".

    7. Re: Last name Clinton. by Anonymous Coward · · Score: 0

      Meh. Ovaries are as ball-shaped as testicles are. Get a grip.

    8. Re:Last name Clinton. by Anonymous Coward · · Score: 0

      That would be Jeh Johnson....

      https://en.wikipedia.org/wiki/United_States_Secretary_of_Homeland_Security

    9. Re:Last name Clinton. by Anonymous Coward · · Score: 0

      Trump supporters are dumber than cattle

    10. Re:Last name Clinton. by Camel+Pilot · · Score: 1

      The breach was discovered in May 2017; the data contained older records.

    11. Re: Last name Clinton. by Anonymous Coward · · Score: 0

      XY people born with balls are historically well known for (and in today's political climate being quickly called out for) stupid brashness, quick to fight, needlessly challenging, and clumsy in discourse. So AC is correct to assign the characteristic of ballsy to anyone willing for comment on what he presents as an open & shut case. In other words he's saying: "Care to challenge me? If so you are primitive and only thinking with your groin & not your head because anyone can see I'm right."

      Now whether his paragraph is right or wrong is beside the point- his use of ballsy is correct. And any nitpicking of it is normalizing SJW nitpicking and preventing society from just moving on at a good clip, until every minutia of human behavior is retrained to satisfy the most neurotic of us. Lest they be offended.

    12. Re:Last name Clinton. by Anonymous Coward · · Score: 0

      A bulk data transfer. Needs approval, and another to audit.
      I hope the person caught enjoys losing his house and car and potentially freedom
      The usual excuse is I needed real data to work on - cause I could not do it at work

  5. MIB by Anonymous Coward · · Score: 0

    This is why I only want to be known as Agent FU.

  6. had my identity stolen so many times, I'm nobody by Thud457 · · Score: 1

    If breaches like this keep up, pretty soon we're all going to be anonymous.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  7. Very Stupid!!! by Anonymous Coward · · Score: 0

    Someone needs to break this down. My understanding is the Coast Guard is under DHS

    does someone need to teach you how to surf the web? maybe you need your diapers changed?

  8. What's more scary by Anonymous Coward · · Score: 1

    Is the fact that there are 246,000 DHS employees. That's larger than some nations' armies.

    1. Re:What's more scary by Anonymous Coward · · Score: 0

      Is the fact that there are 246,000 DHS employees. That's larger than some nations' armies.

      gosh less than 0.1% of our country works to secure its borders, and that's way too many!

  9. Re:had my identity stolen so many times, I'm nobod by Anonymous Coward · · Score: 0

    maybe you should stop posting on slashdot with identifying information

  10. This is just another example of why... by Sqreater · · Score: 1

    ....computer systems will NEVER be secure and why people should never expect their data to be safe from criminals and governments etc.

    --
    E Proelio Veritas.
    1. Re:This is just another example of why... by AHuxley · · Score: 1

      Think in terms of the FBI and federal, state, city internal affairs investigations.
      If all the secret data was secure how can cleared gov workers be watched and tracked 24/7?
      The gov systems in the USA are set up to watch for internal criminals, whistleblower, media investigations and corruption 24/7.
      If everything was encrypted how could investigators see data moving around networks to gov staff who then walk out, sell secrets?
      One good example is the data use of once trusted staff tempted to become a whistleblower.
      They collect information network wide and then walk out with the data sets to give to the waiting media.
      How is that going to be tracked before publication?
      With plain text all that can be seen in real time as a worker starts to get ready to become a whistleblower.
      Security can move in before a member of the media is contacted and constitutional media freedoms provide legal cover for publication.
      If the worker did manage to get the data out, at least the US gov/mil has some warning that data walked out and a counter/cover story can be ready for publication.
      Plain text is security bait for US workers and is an easy way to sort the loyal gov workers who will obey any orders from the people who become whistleblowers.
      It's great for criminal, media and spy investigations too as US/UK collect it all methods can find that plain text all over global networks in real time.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re: This is just another example of why... by Anonymous Coward · · Score: 0

      soooooo, why wasn't this caught? In quite a few of the terrorist attacks in the US over the past couple of years, it was later revealed that these actors had communicated via sms and the idiots who r supposed to be watching for this stuff worldwide in real time missed it. If the gov wants this access but isn't going to use it, then they really have no business asking for it.

    3. Re: This is just another example of why... by AHuxley · · Score: 1

      Re "soooooo, why wasn't this"
      So many cyber investigations that the investigations and interviews can't keep up?

      --
      Domestic spying is now "Benign Information Gathering"
  11. Not a big deal really by WinstonWolfIT · · Score: 1

    Files on a computer doesn't mean anything. All work computers here are required to be encrypted and locked when unattended, which is a minimum level of security.

    1. Re:Not a big deal really by Anonymous Coward · · Score: 0

      Where is "here"?

  12. Oh, the irony! by Anonymous Coward · · Score: 0

    I mean come on, seriously.

  13. They're so competent by Anonymous Coward · · Score: 0

    We should make sure that government employees are the only ones with guns!

  14. Hello Let me introduce myself by Anonymous Coward · · Score: 0

    My name is mud, can you toss me that life preserver, I seem to have slipped into a deep database error.

      * ROUTE BY: 69:6.6.6/86 - saved crow flavoring recipes before computers shutdown!?

    1. Re:Hello Let me introduce myself by Anonymous Coward · · Score: 0

      once upon a midnight crow
      my wallet fell down way below
      then one day x did a regular query
      that's when I become 230
      no more security socially
      no more sipping tea at three
      no more place to take a pee
      no live face matches up to me
      it's time to get a new id
      not for just you but also for me
      but this must also be for all the people
      not just the cult up in the steeple
      this is the solution moving forward
      those who come unjust must go backward
      nobody in this country who served is expendable
      it's okay to be white
      it's okay to be black
      it's okay to be any fucking color.
      It's okay to be any religion.
      It's not okay to be in a death cult.
      It's not okay to leave the border open
      We also need to have a "talk" with a "decision" and "action" about dual citizens serving at the HIGH OFFICES and CHOKE POINTS.

      THE END.

  15. Nice, dishonest, try by Anonymous Coward · · Score: 0

    Trump's man General Kelly was running DHS when the culprit was caught ... so the Trump admin was the one to clean it up.

    All the employee data and the culprit are from the Obama years though, so the criminal activity is all on Mr Obama and his minions. The only reason Mr Obama can keep strutting around claiming to have had a scandal-free administration is that none of his people had the ethics to recuse themselves when they were conflicted, none of his people allowed any investigations by any executive or independent investigators, and none of his administration cooperated with any congressional or judicial investigations. In other words, Obama's team was more disciplined and therefore more successful in obstructing justice than Nixon's.

    Keep trying though ... eventually one of these anti-Trump attacks will fail to ricochet and hit a leftist ... just not today.

    1. Re: Nice, dishonest, try by Anonymous Coward · · Score: 0

      Stop blaming Obama. He was never a president. You had to be born in the USA to be President, ergo he wasn't. So it is congress's fault. All loyal Trump voters should vote against whoever their current congressman is and try the other party.
      #MAGA