On June 4, 2015, the U.S. Office of Personnel Management (OPM) announced that it was the victim of a data breach in which records of more than four million current and former agency employees were accessed. According to the White House, the attack originated from China, though whether or not the attack was state-sponsored remains unclear. Agency officials stated that they detected the breach in April, but that it may have begun as early as last year.
Social security numbers of agency workers, as well as other personally identifiable information, was accessed. OPM is responsible for security clearances for government workers, and the information accessed could have the potential to reveal identities of covert U.S. operatives and other intelligence officials.
In a release concerning the breach, OPM indicated that it is working with the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to federal personnel. OPM is also providing credit report access and monitoring to affected employees, as well as identity theft insurance to those affected.
This most recent attack, in addition to two others at the White House and the State Department, have renewed calls by lawmakers to boost national cyber defenses. House Intelligence Committee Ranking Member Adam Schiff (D-CA) took to twitter, saying that it is “clear a substantial improvement in our cyber databases & defenses is perilously overdue.” Schiff noted that the House has passed cybersecurity legislation, and he urged his colleagues in the Senate to do the same.
Recently, the House passed two bills, H.R. 1560 and H.R. 1731, that would improve federal cybersecurity defense capabilities, as well as facilitate cyber threat information-sharing among the government and private sector. The Senate Intelligence Committee reported its version of such legislation in March, but it is unclear when the measure may be brought to the floor for debate.