No One Trusts OPM Not to Get Hacked Again:
After a catastrophic hack that left the data of millions of government employees exposed, it seems that the Office of Personnel Management (OPM) cannot restore trust. Officials announced Friday that the Pentagon will oversee the security of employee data, and a new department will be formed within OPM to oversee background checks.
The new department is titled the National Background Investigations Bureau, the Washington Post reports, and will take over background investigations and security clearances from OPM’s Federal Investigative Services.
Source: Vice Magazine
5.6 Million Fingerprints Stolen in OPM Breach:
“It’s probably the biggest counterintelligence threat in my lifetime,” said Jim Penrose—former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at the cybersecurity company Darktrace—earlier this summer.
“There’s no situation we’ve had like this before, the compromise of our fingerprints. And it doesn’t have any easy remedy or fix in the world of intelligence,” Penrose said.
The government is putting together a group of experts from Defense, FBI, the Homeland Security Department, and other agencies to analyze the potential harm of the loss of this fingerprint data, OPM announced Wednesday, and find ways to prevent exploitation of the data.
Source: nationaljournal.com
OPM Now Admits 5.6m Feds’ Fingerprints Were Stolen By Hackers:
When hackers steal your password, you change it. When hackers steal your fingerprints, they’ve got an unchangeable credential that lets them spoof your identity for life. When they steal 5.6 million of those irrevocable biometric identifiers from U.S. federal employees—many with secret clearances—well, that’s very bad.
Source: Wired
After weeks of speculation about the fate of Katherine Archuleta, beleaguered director of the Office of Personnel Management, she tendered her resignation today.
She has been under fire since the OPM disclosed in June that it had been hacked and had failed to notice for a year, as data on about four million current and former federal workers was siphoned from the agency’s networks.
But the clamor for her dismissal grew deafening after it was revealed last month that the breach didn’t just involve the personnel records of current and former workers but also a database for storing sensitive information about background investigations conducted on people seeking a security clearance. That breach affected some 21.5 million people—not only federal workers but friends, family members and others who were interviewed over the last twenty years for security clearance applications.
Source: Wired
How many millions of people were affected by the OPM hack exactly? Well, no one has any idea. And we’re not just talking about credit card numbers that can be reset. The siphoned files include what are known as SF-86 forms, which contain the detailed financial, medical, and personal histories of anyone who applied for a federal clearance. It’s a goldmine for potential blackmailers. The government’s penance to those affected is to offer everyone 18 months of free credit report monitoring. How generous.
It gets more embarrassing. The alleged Chinese hackers were inside the government’s systems for a year before they were found. There was a second major breach that wasn’t previously disclosed. The OPM ignored repeated warnings by its inspector general that its security practices were dangerously negligent. Ars Technica even reported that contractors had direct access to the servers that stored the data inside foreign countries, including China.
As security expert Jonathan Zdziarski tweeted, if you have two-step authentication enabled on Twitter – a basic security feature that almost all social media platforms offer – “then your tweets are safer than the government’s data on 4 million federal employees and contractors.” Why the White House is only now urging agencies to implement this kind of security measure is a mystery.
Source: theguardian.com




