Readers may recall that US Investigations Services, LLC, the contractor who conducted personnel background checks for the Department of Homeland Security, detected a hack in June. The breach affected 27,000 DHS employees.
For some reason, USIS is now first sending a copy of a notification letter to the California Attorney General’s web site and to the New Hampshire Attorney General. Their notification does not state that they were asked to delay notification.
It may be that this breach notification does not concern the DHS employees and that they only recently determined that their own employees’ information was also compromised, because they write that the personal information was retained ” in connection with your engagement by USIS.”
If that’s not the explanation, then damned if I know why they are so late in notifying California and New Hampshire.
The letter does not indicate when the intrusion occurred.
If anyone has additional information or a clarification, please use the Comments section below.
Update: Stephen Braun and Eric Tucker of Associated Press have an interesting report on the USIS breach and its consequences for the firm, but it makes no mention of the delayed notification that is the subject of my blog post. Maybe they can find out.