Hackers broke into third-party software in 2013 to open personal records on federal employees and contractors with access to classified intelligence, according to the government’s largest private employee investigation provider.
That software apparently was an SAP enterprise resource planning application. It’s unclear if there was a fix available for the program flaw at the time of the attack. It’s also not clear whether SAP—which was responsible for maintaining the application—or USIS would have been responsible for patching the flaw.
>>> Full story