Federal employees stole data from Homeland Security

It appears they were using it to make a knockoff version of agency software.

Anadolu Agency via Getty Images

Three employees of the inspector general's office for the Department of Homeland Security (DHS) are accused of stealing a computer system that contained around 246,000 employees' personal data. That information included names, social security numbers and dates of birth, USA Today reports, and one of the suspects is also said to have had in their possession around 159,000 agency case files. The data breach was reported to DHS officials in May and acting DHS Secretary Elaine Duke decided in August to notify the employees whose information was included in the stolen data.

However, the personal information doesn't appear to be the three employees' main target. Instead, investigators say that the employees were working on a knockoff version of the agency's proprietary case management software, which they intended to market and sell to other federal offices. The stolen data was likely going to be used to help them develop and test the software. In a report sent to Congress, the office of the inspector general said it had, "seized all known servers and other devices potentially containing exfiltrated data in the possession of the subjects."

According to the New York Times, one of the suspects has left the inspector general's office while the other two have been suspended as the investigation continues. And USA Today reports that the employees affected by the data breach will be offered an 18-month credit monitoring subscription.

Other government agencies that have been impacted by data breaches in recent years include the Securities and Exchange Commission, the federal government's Office of Personnel Management, the Internal Revenue Service and the Office of the Comptroller of the Currency (OCC). Like this breach, the OCC's data was also taken by an employee.

The inspector general's office has been updating congressional committees about the breach since it was first discovered. The DHS and the US attorney's office for the District of Columbia are both investigating the breach.