EEOC experienced security incident involving contractors unauthorized access email says NextgovFCW
p
designer491Getty Images
ppppStay Connectedpp
By
David DiMolfetta
ppThe Equal Employment Opportunity Commission was impacted in an internal data security incident that occurred around a year ago and involved a contractors employees mishandling sensitive information in one of the agencys systems according to a notification email obtained by NextgovFCWppThe breach in the EEOCs Public Portal system which the agency was made aware of around Dec 18 involved unauthorized access of agency data that may have exposed personally identifiable information in records submitted to the agency by the public The notification was sent Wednesday by the EEOCs data security officeppStaff employed by the contractor who had privileged access to EEOC systems were able to handle data in an unauthorized UA and prohibited manner in early 2025 it reads Upon discovery the EEOC took immediate steps to secure its systems and initiated an assessment to determine the nature and scope of the incidentppIt later adds The review determined that certain personally identifiable information PII may have been exposed Depending on the individual this information may have included name and other identifying or contact information The review is ongoing and the EEOC is working with law enforcementppThe notification email also encourages recipients to monitor their financial accounts for suspicious activity and says that portal users will be required to reset their passwords ppAccording to contracting data Opexus which sells case management software solutions to the federal government was contracted with EEOC in this capacityppA company spokesperson confirmed their involvement and said Opexus and EEOC took immediate action when we learned of this activity and we continue to support investigative and law enforcement efforts into these individuals conduct which is under active prosecution in the Federal Court of the Eastern District of VirginiappWhile the individuals responsible met applicable sevenyear background check requirements consistent with prevailing government and industry standards at the time of hire this incident made clear that personnel screening alone is not sufficient the spokesperson said ppOn the HR side those responsible for the hiring decisions are no longer employed by the company and we have strengthened our screening and oversight processes including extending background checks to ten years where permitted by law enhancing compliance training and reinforcing controls within our hiring and termination workflows the spokesperson addedppThe US Equal Employment Opportunity Commission takes data security seriously This matter is under investigation by law enforcement and the EEOC is not able to provide additional information at this time an agency spokesperson said ppNextgovFCW has also reached out to the agencys relevant oversight committees in CongressppEEOC is at the center of the second Trump administrations efforts to deter alleged illegal discrimination fueled by diversity equity and inclusion programs which over the last year have been scrutinized and dismantled at practically all levels across the federal government The changes have trickled down to major private corporations across the countryppLast month EEOC chairwoman Andrea Lucas addressed an X post to white men asking if they have faced discrimination in their workplace because of their race or sex and encouraged them to report their experiences to the agency as soon as possibleppThe incident underscores that insider threats through government contractors are a persistent and often underappreciated risk particularly in environments where thirdparty personnel are granted broad or longterm access to sensitive government systemsppEditors note This story has been updated to correct that records submitted to the agency through the portal come from the public and that public records information may be impacted
pp
NEXT STORY
Analysts watch for heightened cyber disinformation campaigns following Venezuela raid
ppHelp us tailor content specifically for youppThank you for subscribing Please check out our other newsletter offerings on our Newsletter pagep
designer491Getty Images
ppppStay Connectedpp
By
David DiMolfetta
ppThe Equal Employment Opportunity Commission was impacted in an internal data security incident that occurred around a year ago and involved a contractors employees mishandling sensitive information in one of the agencys systems according to a notification email obtained by NextgovFCWppThe breach in the EEOCs Public Portal system which the agency was made aware of around Dec 18 involved unauthorized access of agency data that may have exposed personally identifiable information in records submitted to the agency by the public The notification was sent Wednesday by the EEOCs data security officeppStaff employed by the contractor who had privileged access to EEOC systems were able to handle data in an unauthorized UA and prohibited manner in early 2025 it reads Upon discovery the EEOC took immediate steps to secure its systems and initiated an assessment to determine the nature and scope of the incidentppIt later adds The review determined that certain personally identifiable information PII may have been exposed Depending on the individual this information may have included name and other identifying or contact information The review is ongoing and the EEOC is working with law enforcementppThe notification email also encourages recipients to monitor their financial accounts for suspicious activity and says that portal users will be required to reset their passwords ppAccording to contracting data Opexus which sells case management software solutions to the federal government was contracted with EEOC in this capacityppA company spokesperson confirmed their involvement and said Opexus and EEOC took immediate action when we learned of this activity and we continue to support investigative and law enforcement efforts into these individuals conduct which is under active prosecution in the Federal Court of the Eastern District of VirginiappWhile the individuals responsible met applicable sevenyear background check requirements consistent with prevailing government and industry standards at the time of hire this incident made clear that personnel screening alone is not sufficient the spokesperson said ppOn the HR side those responsible for the hiring decisions are no longer employed by the company and we have strengthened our screening and oversight processes including extending background checks to ten years where permitted by law enhancing compliance training and reinforcing controls within our hiring and termination workflows the spokesperson addedppThe US Equal Employment Opportunity Commission takes data security seriously This matter is under investigation by law enforcement and the EEOC is not able to provide additional information at this time an agency spokesperson said ppNextgovFCW has also reached out to the agencys relevant oversight committees in CongressppEEOC is at the center of the second Trump administrations efforts to deter alleged illegal discrimination fueled by diversity equity and inclusion programs which over the last year have been scrutinized and dismantled at practically all levels across the federal government The changes have trickled down to major private corporations across the countryppLast month EEOC chairwoman Andrea Lucas addressed an X post to white men asking if they have faced discrimination in their workplace because of their race or sex and encouraged them to report their experiences to the agency as soon as possibleppThe incident underscores that insider threats through government contractors are a persistent and often underappreciated risk particularly in environments where thirdparty personnel are granted broad or longterm access to sensitive government systemsppEditors note This story has been updated to correct that records submitted to the agency through the portal come from the public and that public records information may be impacted
pp
NEXT STORY
Analysts watch for heightened cyber disinformation campaigns following Venezuela raid
ppHelp us tailor content specifically for youppThank you for subscribing Please check out our other newsletter offerings on our Newsletter pagep
