From: Washington Business Journal

Jill R. Aitoro, Senior Staff Reporter

A computer security breach at the Environmental Protection Agency exposed the Social Security numbers and banking information of nearly 8,000 people, most of them current employees, the EPA confirmed.

The agency wouldn’t say whether the breach involved or affected any government contractors but told the Washington Business Journal in a statement Wednesday that it notified 5,100 current employees and some 2,700 “other individuals” about a March security incident that exposed personal information on an EPA database. Those impacted were informed about the breach Tuesday, four months after it occurred.

The agency currently is funding about $5 billion under almost 700 active contracts, according to May 31 data.

Included among the exposed information was Social Security numbers, bank routing numbers and home addresses. The EPA is offering free credit-monitoring services for one year to people affected by the breach and established a hotline for those who want to call about their concerns.

“EPA conducted a risk analysis, [which] indicates it is unlikely the personal financial information has been used,” according to the EPA statement. “Vigilantly keeping data secure from increasingly sophisticated cyber threats is a top priority at EPA. The agency has already added new safeguards in response to the incident.”

The EPA wouldn’t provide further details about the nature of the breach. The agency’s Office of the Inspector General confirmed only that an investigation is underway.

Federal agencies reported more than 40,000 security incidents that placed sensitive information at risk during 2010 — a 650 percent increase compared with five years ago, according to an October 2011 report from the Government Accountability Office. The watchdog agency also pointed to failures by agencies to properly oversee contractors that access federal computer systems and data.