GovLoop

Your Burning Questions About the OPM Hacks May Soon Be Answered

There are far more questions than answers about the massive Office of Personnel Management breach that exposed the personal data of millions of current and former federal employees.

In the wake of OPM’s June 4 announcement that some 4 million people were affected by the cyber hack, new reports have surfaced that create a much bleaker picture than was initially reported by the agency.

“During the course of this investigation, the incident response team shared with relevant agencies a high degree of confidence that there was a separate intrusion into OPM systems that may have compromised information related to the background investigations of current, former, and prospective Federal government employees, and other individuals for whom a federal background investigation was conducted,” OPM Press Secretary Samuel Schumach told GovLoop.

“OPM continues to work with US-CERT and the FBI to determine the type of records that may have been compromised and the population of individuals affected,” Schumach said, noting that “OPM will notify those individuals whose information may have been compromised as soon as practicable.”

Early on, OPM did warn that the ongoing investigation might reveal more instances where personal data was compromised. But that doesn’t soften the blow for millions of current and retired feds whose Social Security numbers, birthdates, job assignments, training records and benefits selections may have been compromised. Many of the details about the breach are coming from unnamed government officials and varying reports, leaving feds wondering what’s really going on.

Neither feds nor House lawmakers are satisfied with OPM’s current explanation of the cyber hack. That’s why the House Oversight and Government Reform Committee is hosting a 10 a.m. hearing on Tuesday to find out directly from OPM all the things we wish we knew about the breach: who was affected, what information was stolen, was it encrypted, how many breaches were discovered? OPM Director Katherine Archuleta, OPM Chief Information Officer Donna Seymour, Federal CIO Tony Scott and Sylvia Burns, CIO for the Interior Department, are among those invited to testify at tomorrow’s hearing. (Read our coverage of the hearing)

I expect Scott will talk about the administration’s newly launched effort to implement key cybersecurity measures governmentwide over the next month and a newly launched review of federal cybersecurity policies, procedures and practices.

Enhanced Cybersecurity Governmentwide

Details about a second breach add yet another troubling dimension to the already grim reports. And the sad — but true — reality is that it often takes catastrophic events to usher in reform.

The Office of Management and Budget announced last Friday new steps the administration would take to beef up cyber defenses governmentwide. The federal CIO will lead a 30-day Cybersecurity Sprint, focused on better protection of federal data, improving indications and warnings of cyber threats, decreasing the time it takes to patch software vulnerabilities and a host of other action items.

Here are the key efforts agencies will carry out and report on over the next 30 days:

You may have noticed that OPM added a few new features to its online FAQ section pertaining to the breach, including a feedback mechanism for visitors to rate OPM’s effectiveness in answering questions. How would you rate OPM’s efforts to keep feds informed about the breach?

Exit mobile version