The Pentagon recently disclosed a significant data breach of Department of Defense records. Per a report from the Associated Press, the breach involved a Department of Defense contractor and exposed data from DoD travel records, including personal information and credit card numbers. It is estimated the breach affected some 30,000 people. The AP report notes those estimates could increase as the government continues to investigate the breach. Both “military and civilian personnel” were affected.
A cyber security team member notified Pentagon leaders about the breach on October 4. Since then, the government has been trying to ascertain the size of the hack and determine who was responsible for it. While those details remain unavailable, the Pentagon has indicated an unidentified Department of Defense contractor may be involved. The vendor was not identified for “security reasons.”
This incident isn’t the first time the federal government has indicated a third-party contractor is involved in a breach. In 2014, USIS, a contractor for the Office of Personnel Management (OPM), disclosed a breach that exposed personal information for 25,000 government employees. At the time, USIS was responsible for running most of the security clearance background checks for OPM. Shortly after that, OPM cut ties with USIS, and just months after that, OPM suffered its own massive breach, which compromised 21.5 million personnel records.
These issues, with USIS and with the unidentified vendor allegedly responsible for the recent Pentagon breach, beg the question of what strategies the federal government has in place for screening its contractors. The AP report raised questions about whether the Pentagon was adequately protecting its data and systems at all, regardless of the involvement of outside vendors. A federal report released a few weeks ago noted the Pentagon had been lax about updating security for military weapons programs, leaving them vulnerable to cyber breaches.
At backgroundchecks.com, we offer a solution tailored to help businesses screen vendors, contractors, co-employed individuals, and other non-traditional personnel. Organizations often struggle with vetting these individuals or entities. Some aren’t sure where to start, while others wonder whether vendors or contractors require the same level of background check vigilance as full-time employees.
As the leak of DoD travel records shows, a vendor or contractor can hold significant responsibilities in the areas of privacy and data management. You are trusting the organizations or individuals with your company’s data, trade secrets, and other proprietary information. Running adequate background checks for contractors and vendors is just as important as it is for your full-time employees. Learn more about the importance of vendor and contractor background checks by reading our whitepaper on the subject.