Feds hacked again — 4 million employees’ personal info at risk — China blamed, but no evidence yet

June 5, 2015 Bob Sullivan Cybercrime / Privacy 1

Click to read the OPM announcement
Click to read the OPM announcement

For the second time in the past 12 months, the agency that acts as the human resources department for federal employees has been hacked. The  U.S. Office of Personnel Management said on Thursday that it would be notifying 4 million current and former federal employees that hackers may have stolen their personally identifiable information from the agency’s systems.

The agency said it was in the process of installing new cybersecurity software (probably in response to last year’s hack) when it discovered this attack in April.

Since this latest attack, the agency added even more security, it said:

“Since the intrusion, OPM has instituted additional network security precautions, including: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network,” the agency said on its website.

It’s hard to understand why some of those measures weren’t already in place (deploying anti-malware software? restricting network admin functions?), if the stolen data is as important as federal officials say.

That’s particularly true given the concerns generated by last year’s attack, which involved systems used in reviewing employees security clearance applications, according to The New York Times. There was speculation at the time that hackers from China, perhaps at the direction of the Chinese government, were responsible as part of an effort to gather intelligence on Americans.  Again, after Thursday’s hack was announced, government officials repeatedly told journalists off the record that China was behind this latest attack, though no evidence was offered.

Government employees will be offered credit monitoring and identity theft services, OPM said.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”



Don’t miss a post. Sign up for my newsletter

About Bob Sullivan 1612 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.
Website

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.