Multiple undercover investigators had their personal data exposed to hackers after a cyber attack struck a key contractor of the Department of Homeland Security in early August.
In fact, the data breach in question has affected the data of at least 25,000 workers, a number that could go up even further in the coming days.
According to Reuters, when the US Investigative Services (USIS) was hit with a cyber attack in the first week of August, hackers were able to gain access to extremely personal information connected to DHS employees, Immigration and Customs Enforcement workers, and Customs and Border Protection units. The sensitive data included Social Security numbers, criminal history, and the names and addresses of friends and family.
Employees whose data was exposed are already getting letters of notice from the government, but the letters state it is not clear whether the data was actually stolen.
Although neither USIS nor the government has offered information on where the cyber attack originated, the company did say the breach had “all the markings of a state-sponsored attack.”
It is also unclear what the hackers hoped to use the information for, though Dmitry Alperovitch of the cybersecurity firm CrowdStrike said it could be used by foreign intelligence departments to intimidate government employees.
"They would be collecting this data to identify individuals who might be vulnerable to extortion and recruitment," he told Reuters.
As RT previously reported, USIS said it quickly notified all of the agencies it works with as soon as it learned of the cyber attack. The FBI is currently investigating the situation, and the DHS has halted its work with the company in the meantime. Another agency, the Office of Personnel Management, also suspended work with USIS after the large breach was reported.
Congressional action over the matter is also under consideration. Rep. Elijah Cummings (D-Md.) said he would as the House Oversight and Government Reform Committee to launch an investigation, and Sen. Jon Tester (D-Mont.) called the incident “very troubling.”
“Americans’ personal information should always be secure, particularly when our national security is involved. An incident like this is simply unacceptable,” he added.