Booz Allen says former employee downloaded employees’ personal data • TechCrunch

US government contractor Booz Allen Hamilton disclosed that a former employee downloaded tens of thousands of employees’ personal information from the company’s intranet.

The government and defense contractor said that one of its employees, while still employed by the company, downloaded a report containing the personal information of “employed employees as of March 29, 2021.”

A copy of Booz Allen’s website archived in March 2021 says the company has 27,600 employees, many of whom are contractors with the US government, military and intelligence agencies and have high-level security clearances.

The notice said the report downloaded by the employee included, “your name, social security number, compensation, gender, race, ethnicity, date of birth, eligibility for a US government security clearance and your status as of March 29, 2021.”

Booz Allen said the report containing the personal information was “improperly stored on an internal SharePoint site,” but did not name the circumstances that led to the discovery of the data, but rather that it “recently became aware” of employee activity.

The notice of the data breach, filed with the California Attorney General’s office this week, said the employee obtained the report on April 14, 2022. Booz Allen spokeswoman Jessica Klink said the company learned of the exposure months later on October 5.

The data breach notice stated that the now-employed employee is “directly in conflict” with company policies, but the company “does not believe that the individual intended to misuse any of the personal information on the report to harm Booz Allen employees.” The individual has been charged with any criminal offences.

Updated with comments from Booz Allen.