U.S. government contractor Booz Allen Hamilton has disclosed that a former staffer downloaded potentially tens of thousands of employees' personal information from the company's internal network.
The government and defense contractor said that one of its staffers, while still employed by the company, downloaded a report containing the personal information of "active employees as of March 29, 2021."
A copy of Booz Allen's website archived in March 2021 said the company had 27,600 employees, many of whom are contracted to U.S. government, military and intelligence agencies and hold high-level security clearances.
The notice said that the report downloaded by the employee contained, "your name, Social Security number, compensation, gender, race, ethnicity, date of birth, and U.S. Government security clearance eligibility and status as of March 29, 2021."
Booz Allen said the report containing the personal information was "improperly stored on an internal SharePoint site," but did not say what circumstances led to the discovery of the data, only that it "recently learned" of the staffer's activity.
The data breach notice, filed with the California attorney general's office this week, said the employee obtained the report on April 14, 2022. Booz Allen spokesperson Jessica Klenk said the company learned of the exposure months later on October 5.
The data breach notice said the now-former staffer acted "in direct contradiction" of the company's policies, but that the company does "not believe that the individual intended to misuse any of the personal information in the report to cause harm to Booz Allen employees." It's not clear if the individual has been charged with any criminal offenses.
Updated with comments from Booz Allen.