OPM "refusing to co-operate" with government data breach enquiry

US House Oversight Committee resorts to legal action to obtain department records

The Capitol Building

The US Office of Personnel Management (OPM) has been hit with a subpoena over the investigation into its colossal 2015 data breach.

The US government's House Oversight Committee is currently looking into the massive hack, which saw intruders steal the personal data of 21.5 million federal employees, including the fingerprint information of 5.6 million.

Advertisement - Article continues below

However, the department - which manages the government's payroll and staffing operations and its acting director Beth Cobert have been "refusing to co-operate" with the investigation into the incident.

Utah Congressman Jason Chaffetz has been chairing the committee, and said that he has been forced to take legal action in order to obtain documents vital to the enquiry.

"We made a commitment to the American people to ensure a hack of this nature never happens again," he told US political site The Hill.

"The documents we've repeatedly requested be provided to this committee are essential to fulfilling that promise."

"We've been asking for months," he told a hearing in January. "When will we get 100 per cent of those requests?"

Despite praising the acting director as "a talented, qualified and competent choice" on her initial appointment, Chaffetz has now expressed his displeasure with Cobert's leadership.

Advertisement
Advertisement - Article continues below

"OPM, under Ms Cobert's leadership, is not cooperating with the committee's investigation," he said. "Despite assurances of cooperation, I'm disappointed Ms Cobert is not working in good faith with the committee".

Advertisement - Article continues below

"We have produced hundreds, thousands of documents", Cobert told a Senate panel on Thursday, "and we're going to continue to be as cooperative as we can be".

23/09/2015: Fingerprints of 5.6M US federal staff stolen in OPM hack

Data stolen during the security breach of the USA's Office of Personnel Management has now been found to include the fingerprint information of at least 5.6 million employees.

The hack, which was discovered earlier in the year, was already confirmed to include the theft of over 21 million people's personally identifiable information.

The data includes the biometric information of individuals with varying levels of security clearance, leading to fears that the individuals responsible - believed to be based in China - could gain unauthorised access to high-level files.

The department has dismissed these fears, however, with press secretary Sam Schumach stating that "as of now, the ability to misuse fingerprint data is limited".

Advertisement - Article continues below

Affected citizens will be notified by mail in the near future, the OPM said.

13/07/2015: US government hit by huge breach, Chinese hackers suspected

A senior US government official has stood down after a devastating hack on her department exposed the personal details of at least 21.5 million people.

The director of the US government's Office of Personnel Management (OPM), Katherine Archuleta, said her resignation would help the department "move beyond the current challenges" affecting the personnel offices of the US government.

Her department acts as the HR office for the US administration, and the stolen data contains details about both employees and applicants to US government positions, as well as their spouses, mostly since the year 2000.

Advertisement
Advertisement - Article continues below

Stolen information includes people's health details, financial statuses, criminal records and social security numbers of 21.5 million people.

The attack initially broke in the media in April, but the full extent of the damage is only now emerging.

Advertisement - Article continues below

These were hacked from OPM's databases storing background information on people who have applied for jobs in the US government mostly since 2000, as well as their partners' and relatives' details.

OPM said 19.5 million victims were job applicants and 1.8 million spouses or "co-habitants".

The department said in a statement: "If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

China is widely believed to be behind the attack, but the country's government has denied involvement.

China called the "hypothetical accusations" irresponsible and counterproductive, but they are just the latest in a series of cyber crime allegations levelled at the country.

It was linked to the DDoS attack on coding repository Github, supposedly due to their hosting of anti-censorship site GreatFire.org. It also has a history of using a cyber weapon dubbed the 'Great Cannon' to take down sites it finds objectionable. On top of all that, China was also behind a 10-year campaign of intrusions against Southeast Asian targets, according to analysts.

Advertisement - Article continues below

This latest breach has spurred cyber security experts both in and outside government to call for better defences against online attacks. House Intelligence Committee member Adam Schiff has said that improvements in security are "perilously overdue".

The debacle has led to both Democrat and Republican politicians calling for President Barack Obama to sack Archuleta.

Before her resignation, the department outlined a plan to help victims whose details have been breached, starting by employing a private firm specialising in identity theft monitoring.

The company will work with victims for three years at no charge to them.

OPM has also established a cyber security incident resource centre to provide updates on the hack as well as direct victims to support and advice.

This article was first published on 05/06/15, but has been updated multiple times (most recently on 05/02/16).

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020