The contractor, USIS, did not identify the suspected culprit but said in a statement that the cyber-attack had "the markings of a state-sponsored attack." An official with the Department of Homeland Security said the intrusion may have compromised some of its employees' information.
USIS, once known as U.S. Investigations Services, Inc., has been under criticism in Congress in recent months for its performance in conducting background checks on National Security Agency leaker Edward Snowden and on Aaron Alexis, a military contractor employee who killed 12 people during shootings at the Navy Yard in September 2013.Private contractors conduct background checks on more than two-thirds of the 4.9 million government workers with security clearances, and USIS handles nearly half of that number. Many of those investigations are performed under contracts with the Office of Personnel Management, the Department of Homeland Security and the Defense Department.
An OPM spokeswoman said the agency was temporarily halting all of USIS's background check fieldwork "out of an abundance of caution." The spokeswoman, Jackie Koszczuk, said the hiatus will allow USIS to take "necessary steps" to protect its systems.
OPM's own computers were reportedly penetrated earlier this year by Chinese hackers, according to a New York Times account. The agency's databases were breached in March before the threat was detected and blocked, the Times reported in July.
A DHS spokesman said it had issued "stop-work orders halting the provision of additional sensitive information" to USIS until the agency was confident that the firm could protect that material. The spokesman, Peter Boogard, said the FBI had begun an investigation into the matter. Boogard said the agency was separately working to identify the scope of the breaches and where they occurred.
The firm said in a statement on its website that it was working with law enforcement and had retained "an independent forensics investigative law firm to determine the precise nature and extent of any unlawful entry into our network."