The U.S. Office of Personnel Management suffers largest breach in U.S. government history

Robinson & Cole LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The United States Office of Personnel Management (“OPM”) disclosed that it was the target of what has been described as the largest breach in U.S. government history, affecting the personal information of up to 14 million current and former federal employees, a far higher figure than the 4 million the agency initially disclosed.  Officials believe that the intrusion originated in China and suspect that it was state sponsored, claims that the Chinese government has steadfastly denied.  The stolen personnel records would provide a foreign government with a means to blackmail, impersonate or otherwise exploit those affected in an effort to gain access to U.S. secrets or entry into government computer networks.  The American Federation of Government Employees believes the hackers stole Social Security numbers, military records and veterans’ status information, addresses, birth dates, job and pay histories; health insurance, life insurance and pension information; and age, gender and race data.

Officials also discovered that deeply personal information submitted by U.S. intelligence and military personnel for security clearances—mental illnesses, drug and alcohol use, past arrests, bankruptcies and more—is in the hands of  hackers also linked to China.  Officials say the hack into the security clearance database was separate from the breach of federal personnel data announced last week and that it was unclear whether the security database breach happened when OPM’s computer networks were breached in 2013, an attack that was discovered in July 2014.

The recent breach comes only a few months after OPM’s Office of the Inspector General harshly criticized OPM for its lax security in a November 2014 report on the agency’s compliance with the Federal Information Management Act.  The report found “significant” deficiencies in OPM’s IT security program.  Specifically, it noted OPM’s lack of encryption and the agency’s failure to tract its equipment.  It also found that OPM failed to maintain an inventory list of its servers and databases and did not even know all the systems that were connected to its networks.  OPM also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson & Cole LLP | Attorney Advertising

Written by:

Robinson & Cole LLP
Robinson & Cole LLP
Contact
more
less

Robinson & Cole LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide