Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label internal data. Show all posts
Law Enforcement
Access control Compliance Data Breach EEOC internal data Law Enforcement

EEOC Confirms Internal Data Incident Linked to Contractor Misuse of System Access

 



The U.S. Equal Employment Opportunity Commission has disclosed that it was affected by a data security incident involving a third-party contractor, after improper access to an internal system raised concerns about the handling of sensitive public information. The agency became aware of the issue in mid-December, although the activity itself is believed to have occurred earlier.

According to internal communications from the EEOC’s data security office, the incident involved the agency’s Public Portal system, which is used by individuals to submit information and records directly to the commission. Employees working for a contracted service provider were granted elevated system permissions to perform their duties. However, the agency later determined that this access was used in ways that violated security rules and internal policies.

Once the unauthorized activity was identified, the EEOC stated that it acted immediately to protect its systems and launched a detailed review to assess what data may have been affected. That assessment found that some personally identifiable information could have been exposed. This type of information can include a person’s name as well as other identifying or contact details, depending on the specific record submitted. The agency emphasized that the review process is still underway and that law enforcement authorities are involved in the investigation.

To reduce potential risk to affected individuals, the EEOC advised users to closely monitor their financial accounts for unusual activity. As an additional security step, users of the Public Portal are also being required to reset their passwords.

Public contracting records show that the system involved was supported by a private company that provides case management software to federal agencies. A spokesperson for the company confirmed its role and stated that both the contractor and the EEOC responded promptly after learning of the issue. The spokesperson said the company continues to cooperate with investigators and law enforcement, noting that the individuals involved are facing active legal proceedings in federal court in Virginia.

The company acknowledged that the employees had passed background checks in place at the time of hiring, which covered a seven-year period and met existing government standards. However, the incident highlighted gaps in relying solely on screening measures. In response, the company said it has strengthened oversight by extending background checks where legally permitted, increasing compliance training, and tightening internal controls related to hiring and employee exits. Those responsible for the hiring decisions are no longer employed by the firm.

The EEOC stated that protecting sensitive data remains a priority but declined to provide further details while the investigation continues. Relevant congressional oversight committees have also been contacted regarding the matter.

The disclosure comes amid increased public attention on the EEOC’s role in addressing workplace discrimination, particularly as diversity and inclusion programs face scrutiny across government agencies and private organizations. Recent public outreach efforts by agency leadership have further placed the commission in the spotlight.

More broadly, the incident underlines an ongoing cybersecurity concern across government systems: the risk posed by insider access through contractors. When third-party personnel are given long-term or privileged access, even trusted environments can become vulnerable without continuous monitoring and strict controls.

Read more »
Subscribe to: Comments (Atom)