With the government agencies like the NSA, the CIA, and the FBI looking to ratchet up efforts to spy on both U.S. citizens within our own borders, and on foreign interests abroad, today’s bombshell revelation suggests that maybe the U.S. should start taking measures to beef up its cybersecurity at all of its federal agencies, ASAP.
The U.S. Office of Personnel Management (OPM) has confirmed that over four million current and former federal employees have their personnel data stolen as a result of a massive cybersecurity breach. Information gleaned includes what the OPM classifies as personally identifiable information or PII. A security breach of this scale could only have been pulled off by a well organized (and funded) entity, and fingers are already being pointed at China in this latest incident.
In what could be the ultimate case of “too little, too late,” the OPM describes in a statement, “Within the last year, the OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.” It was only after its beefed up security measures had put in place that it realized that it has already been infiltrated by cyberattackers. According to the OPM, it only learned of the personnel records breach in April 2015 (after its countermeasures were put into place) and it is currently unaware of when the breach actually took place.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
Needless to say, we’re almost certain that Mrs. Archuleta will find herself on Capitol Hill in the coming weeks to answer questions before a Senate hearing about this breach. This is an incredibly serious matter, especially when you consider that the OPM is the U.S. federal government’s human resources department and handles both background checks and security clearances for federal employees.
For now, the OPM is contacting the four million individuals affected by this breach and is offering them an 18-month membership with CSID to provide credit monitoring, credit report access, and identify theft insurance and recovery services. But that may be little comfort to those whose personal information is now out in the wild, likely sold to the higher bidder.