OPM "refusing to co-operate" with government data breach enquiry

US House Oversight Committee resorts to legal action to obtain department records

The Capitol Building

The US Office of Personnel Management (OPM) has been hit with a subpoena over the investigation into its colossal 2015 data breach.

The US government's House Oversight Committee is currently looking into the massive hack, which saw intruders steal the personal data of 21.5 million federal employees, including the fingerprint information of 5.6 million.

Advertisement - Article continues below

However, the department - which manages the government's payroll and staffing operations and its acting director Beth Cobert have been "refusing to co-operate" with the investigation into the incident.

Utah Congressman Jason Chaffetz has been chairing the committee, and said that he has been forced to take legal action in order to obtain documents vital to the enquiry.

"We made a commitment to the American people to ensure a hack of this nature never happens again," he told US political site The Hill.

"The documents we've repeatedly requested be provided to this committee are essential to fulfilling that promise."

"We've been asking for months," he told a hearing in January. "When will we get 100 per cent of those requests?"

Despite praising the acting director as "a talented, qualified and competent choice" on her initial appointment, Chaffetz has now expressed his displeasure with Cobert's leadership.

Advertisement
Advertisement - Article continues below

"OPM, under Ms Cobert's leadership, is not cooperating with the committee's investigation," he said. "Despite assurances of cooperation, I'm disappointed Ms Cobert is not working in good faith with the committee".

Advertisement - Article continues below

"We have produced hundreds, thousands of documents", Cobert told a Senate panel on Thursday, "and we're going to continue to be as cooperative as we can be".

23/09/2015: Fingerprints of 5.6M US federal staff stolen in OPM hack

Data stolen during the security breach of the USA's Office of Personnel Management has now been found to include the fingerprint information of at least 5.6 million employees.

The hack, which was discovered earlier in the year, was already confirmed to include the theft of over 21 million people's personally identifiable information.

The data includes the biometric information of individuals with varying levels of security clearance, leading to fears that the individuals responsible - believed to be based in China - could gain unauthorised access to high-level files.

The department has dismissed these fears, however, with press secretary Sam Schumach stating that "as of now, the ability to misuse fingerprint data is limited".

Advertisement - Article continues below

Affected citizens will be notified by mail in the near future, the OPM said.

13/07/2015: US government hit by huge breach, Chinese hackers suspected

A senior US government official has stood down after a devastating hack on her department exposed the personal details of at least 21.5 million people.

The director of the US government's Office of Personnel Management (OPM), Katherine Archuleta, said her resignation would help the department "move beyond the current challenges" affecting the personnel offices of the US government.

Her department acts as the HR office for the US administration, and the stolen data contains details about both employees and applicants to US government positions, as well as their spouses, mostly since the year 2000.

Advertisement
Advertisement - Article continues below

Stolen information includes people's health details, financial statuses, criminal records and social security numbers of 21.5 million people.

The attack initially broke in the media in April, but the full extent of the damage is only now emerging.

Advertisement - Article continues below

These were hacked from OPM's databases storing background information on people who have applied for jobs in the US government mostly since 2000, as well as their partners' and relatives' details.

OPM said 19.5 million victims were job applicants and 1.8 million spouses or "co-habitants".

The department said in a statement: "If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

China is widely believed to be behind the attack, but the country's government has denied involvement.

China called the "hypothetical accusations" irresponsible and counterproductive, but they are just the latest in a series of cyber crime allegations levelled at the country.

It was linked to the DDoS attack on coding repository Github, supposedly due to their hosting of anti-censorship site GreatFire.org. It also has a history of using a cyber weapon dubbed the 'Great Cannon' to take down sites it finds objectionable. On top of all that, China was also behind a 10-year campaign of intrusions against Southeast Asian targets, according to analysts.

Advertisement - Article continues below

This latest breach has spurred cyber security experts both in and outside government to call for better defences against online attacks. House Intelligence Committee member Adam Schiff has said that improvements in security are "perilously overdue".

The debacle has led to both Democrat and Republican politicians calling for President Barack Obama to sack Archuleta.

Before her resignation, the department outlined a plan to help victims whose details have been breached, starting by employing a private firm specialising in identity theft monitoring.

The company will work with victims for three years at no charge to them.

OPM has also established a cyber security incident resource centre to provide updates on the hack as well as direct victims to support and advice.

This article was first published on 05/06/15, but has been updated multiple times (most recently on 05/02/16).

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020