Provider of U.S. government background checks latest cyberattack victim

The main provider of background checks for the U.S. government is the latest victim of a cybersecurity attack – possibly launched by a foreign power.

U.S. Investigation Services (USIS), a key U.S. government contractor, said on Wednesday that it recently discovered a cyberattack on its corporate network. The Falls Church, Va.-based company immediately notified federal law enforcement, the Office of Personnel Management (OPM) and other federal agencies.

“Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack,” USIS said in a statement. The company is using an independent computer forensics investigations firm to find out exactly what happened in the attack.

Some experts were not surprised USIS was targeted.

“If you think in terms of ‘attack vectors,’ an established security firm with lots of government business would be a great avenue into government sites,” Roger Kay, president of Wayland, Mass.-based research firm Endpoint Technologies, said in an email.

Cybercriminals often “feel around” from one server to the next, looking for a way to bridge between them, according to Kay. “They get in one, see what it's connected to, and explore promising directions,” he added. “Capture a friendly [server], and the bad guys can go after its friends.”

USIS said that its staff and the company's computer systems identified the attack. “We are working alongside OPM, the Department of Homeland Security (DHS) and federal law enforcement authorities in redoubling our cybersecurity efforts,” it added. “We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack.”

Specific details about the hack, such as the suspected perpetrator and the scale of the cyberattack, have not been revealed. With the investigation ongoing, USIS said that it is not providing any additional information.

In addition to background checks, USIS also provides investigative analytics and biometrics services to the government, and helps with its records management efforts.

OPM said that it is working closely with the U.S. Computer Emergency Readiness Team (US-CERT) and the FBI to determine the attack’s impact on the agency and its partners. “Out of an abundance of caution, we are temporarily ceasing field investigative work with USIS,” said OPM Communications Director Jackie Koszczuk in an emailed statement. “This pause will give USIS time to work with US-CERT and OPM to take the necessary steps to protect its systems.”

Koszczuk added that, to date, OPM has not been notified of any loss of personally identifiable information for its managed investigations. “OPM does not share and host information with USIS in the same way that other federal agencies do,” she said. “These are separate operations. We are vigorously working to learn the extent of the situation at USIS and we are taking appropriate actions to protect the security and integrity of our systems and data.”

The Department of Homeland Security has not yet responded to a request for comment on this story.

The USIS attack comes at a time of heightened concern about data breaches. Last year a Defense Science Board report accused China of using cyberattacks to access information from almost 40 Pentagon weapons programs, and cybersecurity tensions between the two countries continue to simmer. Last month U.S. authorities accused a Chinese businessman of hacking into the systems of American companies with major defense contracts, including Boeing.

Earlier this week, research specialist Hold Security, which has a strong track record of uncovering data breaches, reported that a Russian crime ring has got its hands on more than a billion stolen Internet credentials. Hold Security did not name the organizations affected, but said that the stolen data was gathered from 420,000 websites.

Follow James Rogers on Twitter @jamesjrogers