IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

OPM "refusing to co-operate" with government data breach enquiry

US House Oversight Committee resorts to legal action to obtain department records

The Capitol Building

The US Office of Personnel Management (OPM) has been hit with a subpoena over the investigation into its colossal 2015 data breach.

The US government's House Oversight Committee is currently looking into the massive hack, which saw intruders steal the personal data of 21.5 million federal employees, including the fingerprint information of 5.6 million.

However, the department - which manages the government's payroll and staffing operations and its acting director Beth Cobert have been "refusing to co-operate" with the investigation into the incident.

Utah Congressman Jason Chaffetz has been chairing the committee, and said that he has been forced to take legal action in order to obtain documents vital to the enquiry.

"We made a commitment to the American people to ensure a hack of this nature never happens again," he told US political site The Hill.

"The documents we've repeatedly requested be provided to this committee are essential to fulfilling that promise."

"We've been asking for months," he told a hearing in January. "When will we get 100 per cent of those requests?"

Despite praising the acting director as "a talented, qualified and competent choice" on her initial appointment, Chaffetz has now expressed his displeasure with Cobert's leadership.

"OPM, under Ms Cobert's leadership, is not cooperating with the committee's investigation," he said. "Despite assurances of cooperation, I'm disappointed Ms Cobert is not working in good faith with the committee".

"We have produced hundreds, thousands of documents", Cobert told a Senate panel on Thursday, "and we're going to continue to be as cooperative as we can be".

23/09/2015: Fingerprints of 5.6M US federal staff stolen in OPM hack

Data stolen during the security breach of the USA's Office of Personnel Management has now been found to include the fingerprint information of at least 5.6 million employees.

The hack, which was discovered earlier in the year, was already confirmed to include the theft of over 21 million people's personally identifiable information.

The data includes the biometric information of individuals with varying levels of security clearance, leading to fears that the individuals responsible - believed to be based in China - could gain unauthorised access to high-level files.

The department has dismissed these fears, however, with press secretary Sam Schumach stating that "as of now, the ability to misuse fingerprint data is limited".

Affected citizens will be notified by mail in the near future, the OPM said.

13/07/2015: US government hit by huge breach, Chinese hackers suspected

A senior US government official has stood down after a devastating hack on her department exposed the personal details of at least 21.5 million people.

The director of the US government's Office of Personnel Management (OPM), Katherine Archuleta, said her resignation would help the department "move beyond the current challenges" affecting the personnel offices of the US government.

Her department acts as the HR office for the US administration, and the stolen data contains details about both employees and applicants to US government positions, as well as their spouses, mostly since the year 2000.

Stolen information includes people's health details, financial statuses, criminal records and social security numbers of 21.5 million people.

The attack initially broke in the media in April, but the full extent of the damage is only now emerging.

These were hacked from OPM's databases storing background information on people who have applied for jobs in the US government mostly since 2000, as well as their partners' and relatives' details.

OPM said 19.5 million victims were job applicants and 1.8 million spouses or "co-habitants".

The department said in a statement: "If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

China is widely believed to be behind the attack, but the country's government has denied involvement.

China called the "hypothetical accusations" irresponsible and counterproductive, but they are just the latest in a series of cyber crime allegations levelled at the country.

It was linked to the DDoS attack on coding repository Github, supposedly due to their hosting of anti-censorship site GreatFire.org. It also has a history of using a cyber weapon dubbed the 'Great Cannon' to take down sites it finds objectionable. On top of all that, China was also behind a 10-year campaign of intrusions against Southeast Asian targets, according to analysts.

This latest breach has spurred cyber security experts both in and outside government to call for better defences against online attacks. House Intelligence Committee member Adam Schiff has said that improvements in security are "perilously overdue".

The debacle has led to both Democrat and Republican politicians calling for President Barack Obama to sack Archuleta.

Before her resignation, the department outlined a plan to help victims whose details have been breached, starting by employing a private firm specialising in identity theft monitoring.

The company will work with victims for three years at no charge to them.

OPM has also established a cyber security incident resource centre to provide updates on the hack as well as direct victims to support and advice.

This article was first published on 05/06/15, but has been updated multiple times (most recently on 05/02/16).

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
LinkedIn to pay $1.8 million to employees after settling gender discrimination charges
Careers & training

LinkedIn to pay $1.8 million to employees after settling gender discrimination charges

4 May 2022
Google claims US government is too reliant on unsecure Microsoft products
cyber security

Google claims US government is too reliant on unsecure Microsoft products

1 Apr 2022
Democrats propose privacy-focused digital dollar
digital currency

Democrats propose privacy-focused digital dollar

29 Mar 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022