Cyber Incident Victim: Department of Homeland Security
Date: Sep 2013
Location: United States of America
Summary
A security breach at a U.S. Department of Homeland Security contractor portal exposed sensitive documents and financial data belonging to organizations bidding on a communications technology contract. Unauthorized external access over several months compromised approximately 520 files, including proposals, contract deliverables, and bank account information for 16 entities among 114 potentially impacted bidders. The agency notified affected companies, provided details of accessed documents for internal assessment, and confirmed the portal was operated by an external vendor serving multiple government clients. The incident’s origin and full scope beyond the agency’s contract data remained under investigation.
Description
In January 2014, the U.S. Department of Homeland Security (DHS) notified 114 organizations that their private documents and financial information were exposed through unauthorized access to a DHS web portal. The breach occurred over a four-month period prior to the notification and affected contractors who bid on a 2013 contract for DHS's Science & Technology division, which sought communications technologies for first responders. Unauthorized external actors downloaded 520 documents, including white papers, proposals, contract award notifications, deliverables documentation, and supporting materials. Among the compromised data were bank account details for 16 organizations, though most impacted entities had non-financial business documents accessed. DHS Privacy Officer Christopher Lee issued formal notifications via mail in early January 2014, confirming the exposure window and advising recipients that their bank information "may have been improperly accessed." The agency acknowledged the incident but had not yet determined the cause or origin of the unauthorized access at the time of disclosure.

The compromised portal was operated by REI Systems Inc., a Herndon, Virginia-based government contractor providing technology services to multiple federal agencies including Health and Human Services, Justice, GSA, IRS, NASA, and the FAA. DHS confirmed that all 114 affected organizations received individualized lists of the accessed documents so they could assess business sensitivities, and that the 16 entities whose accessed documents contained financial data received prompt direct notifications from the Science & Technology division. REI Systems declined to comment on whether the breach extended beyond DHS-related data to other government projects hosted on their infrastructure. DHS did not publicly disclose technical details about the portal's security mechanisms, intrusion detection methods, or containment procedures beyond confirming the unauthorized document downloads and initiating victim notifications. The incident exposed vulnerabilities in a system handling sensitive procurement data for critical infrastructure development contracts.
