A company responsible for doing background checks on US government employees has been hacked, the US Department of Homeland Security (DHS) said Wednesday.
The department is “aware of a cybersecurity intrusion” at the private company, DHS spokesman Peter Boogaard said in a statement.
The FBI has launched an investigation and the Government has formed a cyber response team to work with the company to identify the scope of the intrusion, Boogaard said.
Some DHS employees may have been affected, he said, adding that DHS has notified its entire workforce to advise them to monitor their financial accounts for suspicious activity.
Employees also are being advised to watch for unsolicited requests for personal and financial information.
DHS did not identify the company that was hacked.
The news comes on the heels of a report by an internet security company saying that Russian hackers have breached 420,000 websites and stolen more than 1 billion user names and passwords.
The company that said it discovered the hack, Hold Securities, described the thieves as a Russian cybergang. The group is currently in possession of the largest cache of data ever stolen, Hold Securities said on its website.
“Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach,” Hold Securities said.
Its technique involved targeting every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites, the company said.
The company said it discovered the breach after more than seven months of research.
The CyberVor gang amassed over 4.5 billion records, mostly consisting of stolen credentials. Of these, 1.2 billion credentials appear to be unique, belonging to over half a billion email addresses.
Hold Securities says it has been instrumental in discovering other cybersecurity breaches, including identifying and tracking a breach of US retailer Target in February.