OPM "refusing to co-operate" with government data breach enquiry

US House Oversight Committee resorts to legal action to obtain department records

The Capitol Building

The US Office of Personnel Management (OPM) has been hit with a subpoena over the investigation into its colossal 2015 data breach.

The US government's House Oversight Committee is currently looking into the massive hack, which saw intruders steal the personal data of 21.5 million federal employees, including the fingerprint information of 5.6 million.

However, the department - which manages the government's payroll and staffing operations and its acting director Beth Cobert have been "refusing to co-operate" with the investigation into the incident.

Utah Congressman Jason Chaffetz has been chairing the committee, and said that he has been forced to take legal action in order to obtain documents vital to the enquiry.

Advertisement
Advertisement - Article continues below

"We made a commitment to the American people to ensure a hack of this nature never happens again," he told US political site The Hill.

"The documents we've repeatedly requested be provided to this committee are essential to fulfilling that promise."

"We've been asking for months," he told a hearing in January. "When will we get 100 per cent of those requests?"

Despite praising the acting director as "a talented, qualified and competent choice" on her initial appointment, Chaffetz has now expressed his displeasure with Cobert's leadership.

"OPM, under Ms Cobert's leadership, is not cooperating with the committee's investigation," he said. "Despite assurances of cooperation, I'm disappointed Ms Cobert is not working in good faith with the committee".

"We have produced hundreds, thousands of documents", Cobert told a Senate panel on Thursday, "and we're going to continue to be as cooperative as we can be".

23/09/2015: Fingerprints of 5.6M US federal staff stolen in OPM hack

Data stolen during the security breach of the USA's Office of Personnel Management has now been found to include the fingerprint information of at least 5.6 million employees.

The hack, which was discovered earlier in the year, was already confirmed to include the theft of over 21 million people's personally identifiable information.

The data includes the biometric information of individuals with varying levels of security clearance, leading to fears that the individuals responsible - believed to be based in China - could gain unauthorised access to high-level files.

Advertisement
Advertisement - Article continues below

The department has dismissed these fears, however, with press secretary Sam Schumach stating that "as of now, the ability to misuse fingerprint data is limited".

Affected citizens will be notified by mail in the near future, the OPM said.

13/07/2015: US government hit by huge breach, Chinese hackers suspected

A senior US government official has stood down after a devastating hack on her department exposed the personal details of at least 21.5 million people.

The director of the US government's Office of Personnel Management (OPM), Katherine Archuleta, said her resignation would help the department "move beyond the current challenges" affecting the personnel offices of the US government.

Her department acts as the HR office for the US administration, and the stolen data contains details about both employees and applicants to US government positions, as well as their spouses, mostly since the year 2000.

Stolen information includes people's health details, financial statuses, criminal records and social security numbers of 21.5 million people.

The attack initially broke in the media in April, but the full extent of the damage is only now emerging.

These were hacked from OPM's databases storing background information on people who have applied for jobs in the US government mostly since 2000, as well as their partners' and relatives' details.

OPM said 19.5 million victims were job applicants and 1.8 million spouses or "co-habitants".

Advertisement
Advertisement - Article continues below

The department said in a statement: "If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

China is widely believed to be behind the attack, but the country's government has denied involvement.

China called the "hypothetical accusations" irresponsible and counterproductive, but they are just the latest in a series of cyber crime allegations levelled at the country.

It was linked to the DDoS attack on coding repository Github, supposedly due to their hosting of anti-censorship site GreatFire.org. It also has a history of using a cyber weapon dubbed the 'Great Cannon' to take down sites it finds objectionable. On top of all that, China was also behind a 10-year campaign of intrusions against Southeast Asian targets, according to analysts.

This latest breach has spurred cyber security experts both in and outside government to call for better defences against online attacks. House Intelligence Committee member Adam Schiff has said that improvements in security are "perilously overdue".

The debacle has led to both Democrat and Republican politicians calling for President Barack Obama to sack Archuleta.

Before her resignation, the department outlined a plan to help victims whose details have been breached, starting by employing a private firm specialising in identity theft monitoring.

The company will work with victims for three years at no charge to them.

OPM has also established a cyber security incident resource centre to provide updates on the hack as well as direct victims to support and advice.

This article was first published on 05/06/15, but has been updated multiple times (most recently on 05/02/16).

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/government-it-strategy/28305/ir35-news
Policy & legislation

IT contractor wins £240k IR35 appeal against HMRC

5 Nov 2019
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019
Visit/data-breaches/29418/equifax-data-breach-cost-14-billion-so-far
data breaches

Ex-Equifax CIO to serve four months for insider trading

2 Jul 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019