The Interior Business Center (IBC) is a shared services provider to federal agency customers for human resources (HR) information technology and services. On January 17, 2023, an IBC customer reported an incident in which it was discovered that an inadvertent change to a security setting in the system allowed authorized trained federal HR professionals to view personally identifiable information (PII) from other federal agencies between January 12, 2023, and January 18, 2023.
IBC’s technical investigation confirmed that this breach was due to an unintentional user error. The security setting was corrected within a week, and the scope of disclosure was limited to no more than 22 trusted HR professionals who are authorized to use the system and trained to protect PII. Of these 22 users, 15 certified in writing that no PII from another agency was viewed or downloaded from Datamart during the period of exposure, three (3) indicated that PII was viewed but was not downloaded, and the remaining four (4) users indicated PII was viewed or downloaded but that it was deleted and was not further disseminated. We have no reason to believe personal information was misused in any way.
IBC has notified the affected agencies and will provide notifications to potentially affected individuals. We are committed to protecting the privacy of individuals, providing resources to those who have been affected, and ensuring this type of incident does not occur again. In addition to the issue that led to this incident being resolved, we are working to review processes and protocols to identify any further corrective actions and implement additional safeguards to enhance security and protect the privacy of individuals.
The IBC remains deeply committed to protecting the privacy and security of information that is shared with us. Please contact our call center at 1-866-FOR-1-CSC (1-866-367-1272) or via email at FPPS_Helpdesk@ios.doi.gov if you have any questions or concerns.