Personal information from more than 1,300 employees of the Veterans Administration nationwide was compromised in a computer breach involving security clearances, according to a memo being delivered this morning to VA employees.
They are among more than 48,000 employees across the federal government whose information may have been compromised, according to the memo, a copy of which was obtained by the Tribune.
The VA recently learned of the breach at private contractor KeyPoint Government Solutions Inc., according to the memo, sent by VA Chief of Staff Jose D. Riojas.
Among those affected by the breach are approximately 1,329 employees from the VA. KeyPoint, which contracts with the federal Office of Personnel Management, conducts background investigations of federal employees seeking security clearances, the memo said.
Contacted by the Tribune, regional VA officials said they are researching whether the breach involves any local employees, said Mary Kay Hollingsworth, spokeswoman for the VA Sunshine Healthcare Network. The network includes Florida, south Georgia, Puerto Rico and the U.S. Virgin Islands.
Hollingsworth had not yet received the memo.
Representatives from KeyPoint could not immediately be reached for comment.
The Office of Personnel Management, according to Riojas’ memo, “is working intensely with the Department of Homeland Security to investigate the breach.”
Investigators believe social security numbers, birth dates, place of birth information, home addresses and possibly credit reports may have been exposed.
So far, investigators have found no definitive evidence that personal information was taken by the hackers, according to the memo. However, the Office of Personnel Management still plans to notify 48,439 Federal employees, including the VA employees, about the breach.
Affected employees will be offered free credit monitoring, according to the memo.
Since the breach, “KeyPoint has implemented additional security controls that bolster its IT networks and provide better protection,” according to the memo.
KeyPoint no longer stores social security numbers on its network and has started a new practice of deleting all other sensitive information once a completed case is submitted to the Office of Personnel Management.
The measures limit the amount of personally identifiable information on the networks, according to the memo, “and help to further decrease the likelihood and magnitude of potential data breaches.”
Stay with TBO.com for updates.