The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management, its director, Katherine Archuleta, its chief information officer, Donna Seymour and Keypoint Government Solutions, an OPM contractor.
AFSA has now issued a notice to its membership on the OPM data breach. Below is an excerpt:
On Thursday June 4, the Office of Personnel Management (OPM) became aware of a cybersecurity incident affecting its systems and data. AFSA subsequently learned that the Personally Identifiable Information (PII) of many current and former federal employees at the foreign affairs agencies have been exposed as a result of this breach.
The most current information provided to AFSA indicates the following: Most current, former and prospective federal employees at ALLforeign affairs agencies have been affected by this breach. That includes the State Department, USAID, FCS, FAS, BBG and APHIS. OPM discovered a new breach late last week which indicates that any current, former or prospective employee for whom a background investigation has been conducted is affected.
In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from firstname.lastname@example.org it will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. All the foreign affairs agencies suggest that those affected should contact the firm listed below. Members of the Foreign Commercial Service may additionally contact Commerce’s Office of Information Security at email@example.com.
As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks. To protect yourself, we encourage you to check the following:
The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.
The email subject should be exactly “Important Message from the U.S. Office of Personnel Management CIO”.
Do not click on the included link. Instead, record the provided PIN code, open a web browser, manually type the URL http://www.csid.com/opm into the address bar and press enter. You can then use the provided instructions to enroll using CSID’s Web portal.
The email should not contain any attachments. If it does, do not open them.
The email should not contain any requests for additional personal information.
The official email should look like the sample screenshot below.
image via afsa.org
Additional information has been made available on the company’s website, www.csid.com/opm, and by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705).
Agency-Specific Points of Contact:
If you have additional questions, contact AFSA’s constituency vice presidents and representatives:
Of course, the security freeze does not solve the problem if the intent here goes beyond stealing USG employees’ identities. If the hackers were after the sensitive information contained in the background investigations, for use at any time in the future, not sure that a credit freeze, credit monitoring and/or ID thief protection can do anything to protect our federal employees.
Security clearance investigations, by their very nature, expose people’s darkest secrets — the things a foreign government might use to blackmail or compromise them such as drug and alcohol abuse, legal and financial troubles and romantic entanglements. (via)
I understand why the USG has to show that it is doing something to address the breach but — if a foreign government, as suspected, now has those SF-86s, how can people protect themselves from being compromised? If this is not about compromising credit, or identities of USG employees but about secrets, credit monitoring and/or ID thief protection for $20 Million will be an expensive but useless response, wouldn’t it?
We’ve anticipated the evacuation of the family members of Embassy Kathmandu staff following the devastating Nepal earthquake of April 25. On May 1st, the State Department issued a new Nepal Travel Warning and announced the May 2nd “authorized departure” not just of embassy family members but also of its non-emergency personnel. See part of the announcement below:
The Department of State warns U.S. citizens of the risks of travel to Nepal and recommends that they defer non-essential travel there following the 7.8 magnitude earthquake on April 25. On May 2, 2015, the Department of State approved authorized departure for non-emergency U.S. government personnel and dependents. The U.S. Department of State also recommends that U.S. citizens in Nepal exercise caution when traveling in or planning departure from the country. The possibility for aftershocks of significant magnitude persists. Infrastructure is fragile and access to basic resources, including healthcare, could be limited. Cell phone and internet service are intermittent. In Kathmandu and elsewhere, some buildings are collapsed and some roads are impassable, making transportation difficult. Some areas of the city are crowded with displaced persons. Kathmandu and Lukla airports have been re-opened since the earthquake. However, the airports may close temporarily without notice due to aftershocks or inclement weather. We encourage travelers to contact their airlines to confirm flight availability before departing for the airport.
At the DPB on April 27, the State Department said that Embassy Kathmandu remains open and the U.S. Embassy and the American Club continue to shelter U.S. citizens and their family members as well as dozens of non-Americans. There are reportedly about 85 U.S. citizens at the chancery and about 220 U.S. citizens at the American Club. The spokesman said he is “not aware of any significant damage, at least not that is impeding their [embassy’s] operations.”
Embassy Kathmandu staff is reportedly being supplemented with resources in the region “to better enable us to respond to – not only to the things concerning U.S. citizens, but also liaison coordination with the U.S. Government and such.” All of the American personnel at the embassy are accounted for. The embassy is continuing its efforts to account for all its local employees. Meanwhile, the DART and the search and rescue teams have arrived in country.
On April 25, the U.S. Government (USG) issued a disaster declaration for Nepal due to the effects of the earthquake. In response, USAID/OFDA immediately activated a Response Management Team (RMT) in Washington, D.C., and a DART—including urban search-and-rescue (USAR) specialists from the Fairfax County Fire and Rescue Department—to support emergency response efforts in cooperation with the GoN. USAID/OFDA has also authorized an initial $1 million to address urgent needs.
According to media reports, the earthquake has resulted in widespread damage and destruction of buildings as well as damaged roads and other public infrastructure. According to USAID, USG staff in Kathmandu reported that electrical and telecommunications networks are intermittently operational, although landlines appear to function. The airports in Kathmandu and Pokhara reportedly remained open, with some commercial flight activity already resumed. Nepal earthquake death toll is now reported to be over 3,200, including 3 Americans. More than 6,000 have been injured in the earthquake.
The U.S. Embassy in Kathmandu has drilled about the big one for years now. Our post there has an American staff of less than a hundred. Post is a typical accompanied post so there will be family members there. If public infrastructure and food supply becomes problematic, we anticipate that family members will be evacuated to a safehaven area or back home like what happened in the aftermath of the Haiti earthquake. It is also worth noting that in a crisis like this, the local employees who are expected to assist the mission may also be facing their own challenges with the need and safety of their own families. Let’s keep them all in our thoughts.
U.S. Government Response
In response to the Government of Nepal requests for assistance, USAID/OFDA deployed a DART to Nepal. The team includes USAID/OFDA humanitarian specialists and 54 USAR personnel from the Fairfax County Fire and Rescue Department. USAID/OFDA has also allocated an initial $1 million for relief organizations in Nepal to address urgent humanitarian needs. Also this:
For nearly two decades, USAID/OFDA has supported disaster risk reduction (DRR) efforts in Nepal, including throughout Kathmandu Valley. USAID/OFDA funding has enabled the International Organization for Migration (IOM) to identify, prepare, and preserve more than 80 open spaces in Kathmandu Valley to ensure the sites are available for humanitarian purposes—such as distribution centers or warehouses—in the event of large-scale disasters. USAID/OFDA has also supported Nepal Red Cross Society (NRCS) to pre-position critical emergency relief supplies in order to address the immediate needs of affected communities following a disaster.
We understand that due to the weather, tents are an urgent need right now. USAID/OFDA director Jeremy Konyndyk says, “We’re mobilizing emergency shelter supplies from our global stocks. Clear need.”
How You Can Help
USAID says that the most effective way people can assist relief efforts is by making cash contributions to humanitarian organizations that are conducting relief operations. A list of humanitarian organizations that are accepting cash donations for disaster responses around the world can be found at www.interaction.org.
USAID encourages cash donations because they allow aid professionals to procure the exact items needed (often in the affected region); reduce the burden on scarce resources (such as transportation routes, staff time, and warehouse space); can be transferred very quickly and without transportation costs; support the economy of the disaster-stricken region; and ensure culturally, dietary, and environmentally appropriate assistance.
More information can be found at:
The Center for International Disaster Information: www.cidi.org or +1.202.821.1999.
Information on relief activities of the humanitarian community can be found at www.reliefweb.int
On April 25, a 7.8 earthquake hit Nepal, approximately 80 km from the capital Kathmandu. More than a thousand people have reportedly been killed with the number expected to go up. USAID is launching a a DART team to respond. U.S. citizens in need of urgent assistance in Nepal should call +977 1 423 4068. U.S. citizens from the U.S. and Canada needing assistance in Nepal should call 1-888-407-4747 or email the State Department at NepalEmergencyUSC@state.gov. Google has also rolled out its Person Finder.
Via the USGS:
The April 25, 2015 M 7.8 Nepal earthquake occurred as the result of thrust faulting on or near the main frontal thrust between the subducting India plate and the overriding Eurasia plate to the north. At the location of this earthquake, approximately 80 km to the northwest of the Nepalese capital of Kathmandu, the India plate is converging with Eurasia at a rate of 45 mm/yr towards the north-northeast, driving the uplift of the Himalayan mountain range. The preliminary location, size and focal mechanism of the April 25 earthquake are consistent with its occurrence on the main subduction thrust interface between the India and Eurasia plates.
Although a major plate boundary with a history of large-to-great sized earthquakes, large earthquakes on the Himalayan thrust are rare in the documented historical era. Just four events of M6 or larger have occurred within 250 km of the April 25, 2015 earthquake over the past century. One, a M 6.9 earthquake in August 1988, 240 km to the southeast of the April 25 event, caused close to 1500 fatalities. The largest, an M 8.0 event known as the 1934 Nepal-Bihar earthquake, occurred in a similar location to the 1988 event. It severely damaged Kathmandu, and is thought to have caused around 10,600 fatalities.
To read about the frustrations of dealing with inaction from Washington, see Ambassador Prudence Bushnell interview, A Soul Filled with Shame via ADST. Below is an excerpt:
Once the RPF took over Rwanda, I was sent to check things out. It was yet another surreal experience. The countryside of one of the most populous countries in the world was literally deadly quiet. Berries ready to harvest were rotting on the coffee trees; houses stood vacant. The man who served as the ambassador’s driver drove us. When we were stopped by child soldiers at checkpoints, I learned never to look them in the eye. As we drove we heard the story of how the driver had hidden and what happened to some of the other embassy employees. Many were dead.
I participated in a memorial service for the FSNs [local Foreign Service employees] who were killed. I will never forget looking into the stony faces of employees who had been abandoned by the U.S. government. American officers who came up to speak would weep, to a person. The Rwandans just looked at us. I can only imagine what they were thinking and the trauma that was still with them.
She was asked what was the rationale for not getting involved:
“We had no interest in that country.” “Look at what they did to Belgian peacekeepers.” “It takes too long to put a peacekeeping operation together.” “What would our exit strategy be?” “These things happen in Africa.” “We couldn’t have stopped it.” I could go on….
I could and did make the argument that it was not in our national interest to intervene. Should we send young Americans into a domestic firefight, possibly to be killed on behalf of people we don’t know in a country in which we have no particular interest? From the perspective of national interest, people like Richard Clarke will argue we did things right.
In terms of moral imperative there is no doubt in my mind that we did not do the right thing. I could have a clear bureaucratic conscience from Washington’s standpoint and still have a soul filled with shame.
On March 8, Malaysia Airlines released a statement that it is still unable to establish any contact or determine the whereabouts of flight MH370. Other details below:
Subang ATC had lost contact with the aircraft at 2.40am. The last known position of MH370 before it disappeared off the radar was 065515 North (longitude) and 1033443 East (latitude).
MH370 is a Boeing 777-200 aircraft on a code share with China Southern Airlines. It departed Kuala Lumpur at 12.41 am today for Beijing. The aircraft was scheduled to land at Beijing International Airport at 6.30am local Beijing time. The flight had a total number of 227 passengers and 12 crew members. The passengers were from 14 different countries, most of whom are from China.
An international search and rescue mission was mobilized this morning. At this stage, our search and rescue teams from Malaysia, Singapore and Vietnam have failed to find evidence of any wreckage.
The U.S. Embassy in Kuala Lumpur released the following statement regarding the missing plane. (full statement here):
The U.S. Embassy is closely following the developments regarding Malaysia Airlines flight #MH370. We extend our thoughts and prayers to the loved ones of those on board the Malaysia Airlines flight.
At this time, we can confirm that three U.S. citizens were on board. We are in contact with the individuals’ families. Out of respect for them, we are not providing additional information at this time. We are working to assess whether additional U.S. citizens may have been on board the flight.
Malaysia Airlines has established dedicated phone numbers for family members and friends of passengers to contact the airline directly for information. Family and friends should contact the airline at +603 8787 126 or +603 87871629. The airline is also providing updates to the general public on its website, http://www.malaysiaairlines.com/hq/en.html.
US Embassy KL also announced that USS Pinckney has been sent to assist in the search efforts:
The United States Navy Seventh Fleets is sending the USS Pinckney, along with a P-3C aircraft to assist in search efforts. The USS Pinckney (DDG 91), an Arleigh Burke-class guided-missile destroyer, is en route to the southern coast of Vietnam to aid in the search efforts. The ship could be in vicinity of the missing jet within 24 hours and carries two MH-60R helicopters which can be equipped for search and rescue. In addition, A P-3C Orion aircraft will also depart shortly from Kadena Air Base in Okinawa, Japan bringing long-range search, radar and communications capabilities to the efforts.
The Arleigh Burke-class guided-missile destroyer USS Pinckney (DDG 91) transits San Diego Bay. Pinckney helps provide deterrence, promote peace and security, preserve freedom of the seas, and humanitarian/disaster response within U.S. 3rd Fleet’s 50-million square mile area of responsibility in the eastern Pacific. (U.S. Navy photo by Mass Communication Specialist Seaman Todd C. Behrman/Released)
According to the U.S. Navy, USS Pinckney was conducting training and maritime security operations in international waters of the South China Sea.
Also, U.S. officials are reportedly investigating terrorism concerns after two people listed as passengers on the missing Malaysia Airlines jet turned out not to be on the plane and had reported their passports stolen in Thailand.