Recently it was discovered that a Department of Homeland Security (DHS) / Office of the Inspector General (OIG) employee was in possession of a file that contained nearly a quarter of a million – that’s right, 250,000 records of people employed by DHS as well as subjects, witnesses and complainants associated with ongoing investigations from 2002 – 2014. The data included social security numbers, dates of birth, positions, grades and duty stations. Daniel Conrad, Identity and Access Management Specialist at One Identity commented below.
Daniel Conrad, Identity and Access Management Specialist at One Identity:
“Had DHS acquired and deployed a robust identity and access management platform, it may have been able to avert this calamity by first, ensuring only the right people have access to this type of sensitive data. Secondly, a robust framework also have strong auditing and segregation of duties capabilities that may have alerted the right people at DHS that this volume of sensitive data was “leaving the building.”
“It’s good that the DHS has alerted the affected individuals of this “breach.” It would have been better had they prevented it in the first place.”