OPM Hit By Class Action Lawsuit, and Those Phishing Scams You Feared Over #OPMHack Are Real (Corrected)

Posted: 7:16 pm  EDT

 

The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management; its director, Katherine Archuleta; its chief information officer, Donna Seymour; and Keypoint Government Solutions, an OPM contractor.

A couple of weeks ago, we thought that the “recipe” from the OPM notification emailed to potentially affected employees might be copied by online scammers.


 

Today, the United States Computer Emergency Readiness Team (US-CERT), part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), issued an alert on phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID.

#

Senators Perdue and Kaine Sponsor Improving Department of State Oversight Act of 2015

Posted: 12:27 am  EDT

 

Last month, Sen. Perdue, David [R-GA] and Sen. Kaine, Tim [D-VA] introduced S.1527 – Improving Department of State Oversight Act of 2015.  Read the full text of the bill here.  Here is a summary via CRS:

This bill grants competitive status for appointment to a position in the competitive service for which the employee is qualified to any employee of the Special Inspector General for Iraq Reconstruction (SIGIR) who was not terminated for cause, and who completes at least 12 months of service at any time before the termination of the SIGIR on October 5, 2013.

The Secretary of State shall certify to Congress that the Department of State has made reasonable efforts to ensure the integrity and independence of the Office of the Inspector General Information Technology systems.

Each Department entity under the Foreign Service Act of 1980 shall report within five business days to the Inspector General (IG) any allegations of:

  • program waste, fraud, or abuse;
  • criminal or serious misconduct on the part of a Department employee at the FS-1, GS-15, GM-15 level or higher;
  • criminal misconduct on the part of any Department employee; and
  • serious, noncriminal misconduct on the part of any individual who is authorized to carry a weapon, make arrests, or conduct searches (such as conduct that would constitute perjury or material dishonesty, warrant suspension as discipline for a first offense, or result in loss of law enforcement authority).

The IG may investigate such matters.

No Department entity with concurrent jurisdiction over such matters, including the Bureau of Diplomatic Security, may initiate an investigation without first reporting the allegations to the IG.

A Department entity that initiates an investigation of such a matter must fully cooperate with the IG, unless the IG authorizes an exception.

Temporary relaxation of such restrictions may occur in exigent circumstances.

#

This bill was referred to the Senate Committee on Foreign Relations, which will consider it before sending it to the Senate floor for consideration.  According to govtrack.us, there are 5,343 bills and resolutions currently before the United States Congress. Of those, only about 5% will become law. They must be enacted before the end of the 2015-2017 session (the “114th Congress”).

 

OPM Announces Temporary Suspension of the E-QIP System For Background Investigation

Posted: 12:19 am EDT

 

On June 29, OPM announced the temporary suspension of the online system used to submit background investigation forms.  The system could be offline for 4-6 weeks.  Below via opm.gov:

WASHINGTON, D.C. – The U.S. Office of Personnel Management today announced the temporary suspension of the E-QIP system, a web-based platform used to complete and submit background investigation forms.

Director Katherine Archuleta recently ordered a comprehensive review of the security of OPM’s IT systems. During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system. As a result, OPM has temporarily taken the E-QIP system offline for security enhancements. The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.

OPM expects e-QIP could be offline for four to six weeks while these security enhancements are implemented. OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so.  In the interim, OPM remains committed to working with its interagency partners on alternative approaches to address agencies’ requirements.

“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” said OPM Director Archuleta. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”

#

Meanwhile, on June 22, AFSA sent a letter to OPM Director Katherine Archuleta with the following requests:

[Image: screenshot of the AFSA letter, via afsa.org]

 

On June 25, AFSA was one of the 27 federal-postal employee coalition groups that urged President Obama to “immediately appoint a task force of leading agency, defense/intelligence, and private-sector IT experts, with a short deadline, to assist in the ongoing investigation, apply more forceful measures to protect federal personnel IT systems, and assure adequate notice to the federal workforce and the American public.”  (read letter here: AFSA Letter sent in conjunction with the Federal-Postal Coalition | June 25, 2015 | pdf)

#