WT Business Beat

By Nick Wakeman

Blog archive
Nick Wakeman

Congressman wants answers on KeyPoint data breach

Much like U.S. Investigative Services before it, KeyPoint Government Solutions is now finding itself in congressional crosshairs thanks to a data breach that exposed personal information of nearly 50,000 government employees.

KeyPoint saw its background investigation business with the Office of Personnel Management soar after OPM cancelled its contracts with USIS after it suffered a data breach, though USIS also had other issues weighing against it.

Rep. Elijah Cummings (D-Md.) has sent a laundry list of items to KeyPoint, wanting more information about the breach that occurred in the fall of 2014. Cummings is the ranking minority member on the House Government Oversight and Reform Committee.

The list of 13 items in the Jan. 6 letter includes requests for information on:

  • All data security requirements that apply to federal contracts in effect at the time of the breach.
  • A log of all successful cyber intrusions into the company’s networks in the last four years.
  • Findings of forensic investigative analysis or reports about the data breach.
  • Names of individual suspects or entities believed to have caused the data breach.
  • A list of all federal customers potentially affected.
  • An explanation of why the company kept personally identifiable information of federal workers.

Click here to read the entire letter and list of requested information.

KeyPoint declined to a request for comment on the letter or the breach.

When we first reported on the breach in December, Cummings said the incident “underscores the need for Congress to conduct oversight on areas where the government relies upon private sector companies to secure government-related information.”

Cummings also was a critic of USIS, which had been the government’s largest provider of background investigations. USIS suffered a breach and OPM cancelled its contracts. The data breach was the last straw of sorts for USIS, which had been a source of controversy for more than two years because of its involvement in the background investigations of NSA leakers Aaron Alexis and Edward Snowden. It’s also the target of a Justice Department investigation.

Cummings is right to ask the questions he’s asking, but we need something more. Perhaps a stronger reporting requirement, but one that also protects the companies who are doing the reporting.

There’s likely not a government contractor out there that hasn’t been a target of hackers, so it was very chilling when USIS was shut down because it reported its breach. Companies need to be encouraged to share information, and to do so without fear of reprisals.

Posted by Nick Wakeman on Jan 07, 2015 at 12:05 PM


Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.