Posted: 1:36 am PDT
Excerpt via opm.gov:
OPM announced the results of the interagency forensic investigation into the second incident. As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors. Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.
While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).
This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees. OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen. This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.
Analysis of background investigation incident. Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected. The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases. This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants. As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints. There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.
If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.
So, are we supposed to wait for another credit monitoring offer from OPM’s partners for this BI hack, after already being offered credit monitoring for the personnel data compromised in an earlier breach?
Ms. Archuleta should do the right thing and resign.
Part of OPM’s public response to these breaches has been to protect the director’s record at the agency. While she remains in charge, I suspect that the fixes at OPM will also include shielding the director from further damage. News reports already talk about OPM’s push back. Next thing you know we’ll have “setting the record straight” newsbots all over the place.
While it is true that Ms. Archuleta arrived at OPM with legacy systems still in operation, these breaches happened under her watch. Despite her protestation that no one is personally responsible (except the hackers), she is the highest accountable official at OPM. Part and parcel of being in a leadership position is to own up to the disasters under your wings. Ms. Archuleta should resign and give somebody else a chance to lead the fixes at OPM.
Posted: 3:14 am EDT
Katherine Archuleta, who remains OPM director following the drip, drip, drip reports on the OPM data breach, wrote a blog post at 8 pm on Saturday, July 4th, updating the “hardworking Federal workforce” on the “Cyberintrusion Investigation.”
The update does not provide any real update on the investigation, except to say they hope to have something this week. Two sentences on the investigation from an eight para message. Oy!
The purpose of the message appears to be to show that the director is working on a Federal holiday. At 8 pm, too. While you all are celebrating the Fourth of July, the OPM director who is “as concerned about these incidents as you are,” is writing a blog post, and talking about the “tireless efforts” of her team. She wants folks to know that she “shares your anger,” and that she remains “committed to improving the IT issues that have plagued OPM for decades.” She also writes that she is “committed to finishing the important work outlined” in her Strategic IT Plan.
Hey, no one is personally responsible for this breach except the hackers, and it looks like Ms. Archuleta is committed enough that she won’t be going anywhere. No, not even to go back in time.
Here’s the part of her message that gave me a nasty headache. She writes, “I encourage you to take some time to learn about the ways you can help protect your own personal information.”
Ay, holy molly guacamole!
May I also encourage OPM to take some time to learn about the ways it can help protect the personal information of Federal employees, job applicants, retirees and contractors, and their family members, because why not? See this timeline:
— National Journal (@nationaljournal) July 6, 2015
Cybersecurity is already a priority in our lives and work. We’re all in this great mess because it wasn’t a priority for OPM. I certainly welcome more substantive details of this breach but these updates that are nothing more than rumble burble CYA are mighty useless, and they don’t do anything to improve my perception of OPM or its leadership.
Dear White House. Please.Make.Her.Stop.
As our hardworking Federal workforce enjoys a much-deserved holiday weekend, I want to share a quick update on the ongoing investigation into the recent theft of information from OPM’s networks.
For those individuals whose data may have been compromised in the intrusion affecting personnel records, we are providing credit monitoring and identity protection services. My team has worked with our identity protection contractor to increase staff to handle the large volume of calls, and to dramatically reduce wait times for people seeking services. As of Friday, our average wait time was about 2 minutes with the longest wait time being about 15 minutes.
Thanks to the tireless efforts of my team at OPM and our inter-agency partners, we also have made progress in the investigation into the attacks on OPM’s background information systems. We hope to be able to share more on the scope of that intrusion next week, and in the coming weeks, we will be working hard to issue notifications to those affected.
I want you to know that I am as concerned about these incidents as you are. I share your anger that adversaries targeted OPM data. And I remain committed to improving the IT issues that have plagued OPM for decades.
One of my first priorities upon being honored with the responsibility of leading OPM was the development of a comprehensive IT strategic plan, which identified security vulnerabilities in OPM’s aging legacy systems, and, beginning in February 2014, embarked our agency on an aggressive modernization and security overhaul of our network and its systems. It was only because of OPM’s aggressive efforts to update our cybersecurity posture, adding numerous tools and capabilities to our networks, that the recent cybersecurity incidents were discovered.
I am committed to finishing the important work outlined in my Strategic IT Plan and together with our inter-agency partners, OPM will continue to evaluate and improve our security systems to make sure our sensitive data is protected to the greatest extent possible, across all of our networks.
We are living in an era where cybersecurity must be a priority in our lives at work and at home. I encourage you to take some time to learn about the ways you can help protect your own personal information. There are many helpful resources available on our website.
I’m wishing you a safe and relaxing 4th of July weekend.
Posted: 7:16 pm EDT
The largest federal employee union, the American Federation of Government Employees, filed a class action lawsuit today against the Office of Personnel Management, its director, Katherine Archuleta, its chief information officer, Donna Seymour and Keypoint Government Solutions, an OPM contractor.
A couple of weeks ago, we thought that the “recipe” from the OPM email notification sent to potentially affected employees via email might be copied by online scammers.
After OPM hack, US triggered ‘phishing’ fears with notification emails to federal employees: http://t.co/0S5CIi9gVj
— Stars and Stripes (@starsandstripes) June 26, 2015
Today, the United States Computer Emergency Readiness Team (US-CERT), part of DHS’ National Cybersecurity and Communications Integration Center (NCCIC), issued an alert on phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID.
OPM Identity-Protection Phishing Campaigns: Original release date: June 30, 2015 US-CERT is aware of phishing c… http://t.co/gYMyoAUkLY
— US-CERT (@USCERT_gov) June 30, 2015
Posted: 12:19 am EDT
On June 29, OPM announced the temporary suspension of the online system used to submit background investigation forms. The system could be offline for 4-6 weeks. Below via opm.gov:
WASHINGTON, D.C. – The U.S. Office of Personnel Management today announced the temporary suspension of the E-QIP system, a web-based platform used to complete and submit background investigation forms.
Director Katherine Archuleta recently ordered a comprehensive review of the security of OPM’s IT systems. During this ongoing review, OPM and its interagency partners identified a vulnerability in the e-QIP system. As a result, OPM has temporarily taken the E-QIP system offline for security enhancements. The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.
OPM expects e-QIP could be offline for four to six weeks while these security enhancements are implemented. OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so. In the interim, OPM remains committed to working with its interagency partners on alternative approaches to address agencies’ requirements.
“The security of OPM’s networks remains my top priority as we continue the work outlined in my IT Strategic Plan, including the continuing implementation of modern security controls,” said OPM Director Archuleta. “This proactive, temporary suspension of the e-QIP system will ensure our network is as secure as possible for the sensitive data with which OPM is entrusted.”
Meanwhile, on June 22, AFSA sent a letter to OPM Director Katherine Archuleta with the following requests:
On June 25, AFSA was one of the 27 federal-postal employee coalition groups that urged President Obama to “immediately appoint a task force of leading agency, defense/intelligence, and private-sector IT experts, with a short deadline, to assist in the ongoing investigation, apply more forceful measures to protect federal personnel IT systems, and assure adequate notice to the federal workforce and the American public.” (read letter here: AFSA Letter sent in conjunction with the Federal-Postal Coalition, June 25, 2015, pdf)