Wednesday, January 22, 2014

DHS Alerts Contractors to Bank Data Theft - First level concerns : A security breach at a Web portal for the U.S. Department of Homeland Security has exposed private documents and some financial information belonging to at least 114 organizations that bid on a contract at the agency last year..... second level concern : The portal in question is run by Herndon, Va. based REI Systems Inc. REI has not commented so a question exists is the breach at REI limited to DHS data or does it extend to other REI projects for the Government - note that pursuant to REI's website , they provide similar tech services to Department of Health and Human Services, the Department of Justice, the General Services Administration, the Internal Revenue Service, NASA, and the Federal Aviation Administration !

http://krebsonsecurity.com/2014/01/dhs-alerts-contractors-to-bank-data-theft/


DHS Alerts Contractors to Bank Data Theft

A security breach at a Web portal for the U.S. Department of Homeland Security has exposed private documents and some financial information belonging to at least 114 organizations that bid on a contract at the agency last year.
dhsletter“This letter is to inform you that your company’s bank account information may have been improperly accessed because of this incident,” reads a letter sent to affected organizations earlier this month by DHS privacy officer Christopher Lee. “The incident appears to have occurred sometime over the prior four months.”
The letter was sent to organizations that bid on a 2013 contract to help DHS’s Science & Technology division develop new communications technologies for first responders. According to DHS, the documents were downloaded from a department Web portal by unauthorized persons outside of the agency, although it hasn’t yet determined the cause or source of that access.
A spokesperson for DHS said that as a result of this unauthorized access, 520 documents including white papers/proposals, decision notification letters, documents regarding contract and award deliverables and other supporting materials were improperly accessed. That person said that of the approximately 114 organizations that were potentially impacted, only 16 had bank information in potentially accessed documents, and all were promptly notified by S&T. Additionally all affected companies are being provided a list of their accessed documents for their specific determination of business sensitivities and impacts, DHS notes.
The portal in question is run by Herndon, Va. based REI Systems Inc. The company declined to comment for this story, so it remains unclear whether the unauthorized access at REI Systems was limited to the DHS data, or if it affected other REI government projects. According to this page at REI’s Web site, the firm provides similar technology services to the Department of Health and Human Services, the Department of Justice, the General Services Administration, the Internal Revenue ServiceNASA, and the Federal Aviation Administration, among others.