The breach, which also included some companies doing business with GAO, may further galvanize concerns about the federal government’s ability to defend itself from cyber intrusions.
The U.S. Government Accountability Office was notified of a data breach by government tech contractor CGI Federal last month that impacted some 6,600 people, the GAO confirmed to Nextgov/FCW.
“On January 17 of this year, CGI Federal, a contractor involved in GAO’s financial management systems, notified GAO of a data breach impacting approximately 6,600 people, primarily current and former GAO employees from 2007 to 2017, as well as some companies doing business with GAO,” spokesperson Charles Young said.
“GAO immediately took steps to begin identifying and notifying the impacted individuals regarding the release of PII (personally identifiable information),” the statement added. The office is investigating the breach and said it would offer free identity theft monitoring services to affected individuals. Reuters first reported the breach notification.
A representative for CGI Federal did not immediately respond to a request for comment.
Employee data breaches can create lingering problems for federal agencies. The 2015 hack of the Office of Personnel Management affected about 22 million records connected to employees’ personal data, as well as information about their families. The office had offered three years and up to $1 million worth of protection services, but Congress in 2015 directed the agency to expand the program to cover 10 years and up to $5 million.
Set to expire in 2026, a pair of House Democrats last week reintroduced a measure that would expand those protections.
Additionally, last year, the Department of Transportation confirmed a data breach that affected some 237,000 current and former employees that contained data on the agency’s benefit system that reimbursed workers for commuting costs.