Cummings queries KeyPoint on December breach

Ranking member Elijah Cummings, D-Maryland, demanded an investigation into Russian hacking. (House Oversight and Government Reform)

After a December data breach of contractor KeyPoint Government Solutions Inc. that may have compromised the personal information of nearly 50,000 federal employees, Rep. Elijah Cummings, D-Md., is asking for more information on what exactly happened.

Cummings, the ranking member of the House Committee on Oversight and Government Reform, penned a letter to KeyPoint CEO Eric Hess explaining how the vulnerability of his company’s systems and others like them containing sensitive information on federal employees ‘poses a clear and present danger to our nation’s security.’ KeyPoint, a major contractor for processing federal background checks, experienced a network breach in December that put 48,439 federal employees at risk, according to the Office of Personnel Management.

The ranking member specifically asked for 13 pieces of information from KeyPoint, including ‘a log of successful cyber intrusions into the company’s networks in the last four years,’ ‘findings from forensics investigative analyses’ of the breach, the identities of the suspected hackers, KeyPoint’s data security policies and improvements made since the breach, and further information on the number, types and date ranges of personally identifiable information subjected to the breach.

Cummings requested that the information be delivered to the committee by Jan. 30, and he asked that the company’s chief information security officer or a comparable IT security executive brief him by Jan. 26.

The story doesn’t end there, however. Cummings has been hot on this type of data breach since U.S. Investigations Services LLC, a similar background check contractor, put about 25,000 federal employees’ information at risk in August. After that breach, the Maryland representative asked Oversight Committee Chairman Darrell Issa, R-Calif., to subpoena USIS CEO Sterling Phillips. USIS had also been targeted by the Oversight Committee for allegations of fraud by two of the company’s top officials.

‘A company that was supposed to be helping to secure our nation stands accused of dumping incomplete background check investigations to increase corporate profits, and now the personal information of tens of thousands of government workers seeking security clearances appears to have been compromised,’ Cummings wrote in his letter to Issa. ‘Yet, USIS continues to obtain new contracts, and the CEO appears to believe he can ignore the Committee with impunity.’

In his letter to KeyPoint, Cummings wrote that this most recent breach is ‘disconcerting given that it appears to be related to a similar data breach at another private company, USIS, that was also responsible for performing critical background check services for the federal government.’ The USIS breach was found to have exposed the sensitive information of federal workers who were in the process of obtaining or had obtained security clearances to perform classified work.

In an email to OPM employees after the breach, agency Chief Information Officer Donna Seymour wrote, ‘[t]he immediacy with which KeyPoint was able to remediate vulnerabilities has allowed us to continue to conduct business with the company without interruption.’
