Sen. Harry Reid, the Democratic leader, said on the Senate floor that the December hack into Office of Personnel Management data was carried out by “the Chinese.”
OPM SAYS; Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls.
J. David Cox, president of the American Federal of Government Employees, said in a letter to OPM director Katherine Archuleta that based on OPM’s internal briefings, the hackers stole military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race data.
June 11, 2015
The Honorable Katherine Archuleta Director, OPM
US. Office of Personnel Management
1900 E Street, NW Washington, DC 20415
Dear Honorable Archuleta,
I am writing in reference to the data breach announced by the Office of Personnel Management (OPM). In the days since the breach was announced, very little substantive information has been shared with us, despite the fact that we represent more than 670,000 federal employees in departments and agencies throughout the Executive branch.
OPM has attempted to justify the withholding of information on the breach by claiming that the ongoing criminal investigation restricts your ability to inform us of exactly what happened, what vulnerabilities were exploited, who was responsible for the breach, and how damage to affected individuals will be compensated.
Based on the sketchy information OPM has provided, we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees. We believe that hackers have every affected persons Social Security numbers), military records and veterans status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe that Social Security numbers were not encrypted, a cyber security failure that is absolutely indefensible and outrageous.
The 18 months of credit monitoring and 1 million liability insurance that OPM has offered affected employees is entirely inadequate, either as compensation or protection from harm. At a minimum, OPM owes employees free lifetime credit monitoring and liability insurance that covers the entirety of any loss attributable to the breach.
Further, the fact that OPM has outsourced to a contractor, CSID, the responsibility for answering affected employees questions adds insult to injury. The terms of the contract apparently do not include guaranteed access to a living, breathing human being knowledgeable enough to answer questions. We ask that OPM reconsider this decision to provide such an inadequate half-measure. Federal employees who have been victimized by this breach deserve more than a difficult to-navigate website and call center contractors who do not know the answers to questions that go beyond a FAQ template.
At numerous agencies, employees are forbidden to use their government computers for any purpose other than a work assignment. They are forbidden from using their government computers to access personal emails or any non-work related websites for any reason. Clearly, federal employees dealing with this breach will need to use their computers on duty time to attempt to protect themselves from the effects of this breach. I ask that you coordinate the issuance of directives from the Secretaries of the relevant agencies that permits an exception to these prohibitions for the purpose of attempting to protect their personal information and financial security from the effects of this breach.
Finally, it is crucial that all agencies be instructed to meet their collective bargaining obligations related to this breach. AFGE will issue demands to bargain for represented workers, and we ask that you make certain that management is apprised of its responsibility to respond appropriately.
I understand that OPM is embarrassed by this breach. It represents an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce. AFGE will continue to work to ensure that core functions of government agencies, such as protecting the security of databases like this one, are well-funded and performed by dedicated federal employees, not costly and unaccountable contractors. I look forward to working with you on this goal.
Sincerely yours,
J. David Cox, Sr. AFGE National President
Sure, first it was the North Koreans, than a few months ago it was the scary Russians. Now it’s the evil Chinese. Dumbs**t insoucient Americans always led around by the nose by their corrupt warmongering elite no matter what happens. They’re incapable of learning.
Buy more Chinese crap so you get compromised more often. Do these idiots actually think the Chinese don’t leave back doors in their routers and anything else that comes from China. They’ll do what they did when the Postal Intranet was compromised, promote the idiot in charge of security.
This is about the incompetence of the government to protect it’s workers and it’s citizens.
Next time they will bring down the power grid.
Tee Time, this was not connected to President Obama. Yes, he has infuriated millions including myself with his unwillingness to cease domestic surveillance through first the NSA and who knows what agency now, but a cyber breach into federal employees’ files was not his fault. Try to be realistic instead of venting your obvious dislike of President Obama. I don’t like a helluva lot of what he’s doing either, including trying to fast track more overseas trade deals that will just mean even more job losses stateside.
Meanwhile, getting back to the issue: it’s obvious the OPM and the feds at all levels are horrendously incompetent with cyber security, so much so it should be a huge embarrassment to all Senators and Representatives. Who would believe that the Social Security data wasn’t even encrypted to a small degree, if it wasn’t coming from Washington? And what a frightening thought – just what do these attackers plan to do with our private information? Steal our money? Wipe out our TSP’s? Sell the personal information to other spammers and hackers? Yes to all of the above.
First, heads must roll. The head of the OPM should be under criminal investigation, forced before Congress, like that’ll do anything, but it’s the way it’s done, fired and possibly have charges filed against her and anybody responsible for allowing this inexcusable crap to keep happening. Cyber terrorism is very real, and is going full blast. This is no conspiracy shit – just look at how many major banks, businesses and the Feds have been attacked. There are lots of ways to ruin a country, and economic catastrophes are very effective and almost impossible to prosecute. Government employees’ information should be double or triple encrypted, backed up and stored in servers with codes so advanced that nobody can get into them, and the existence of such servers should be kept secret.
There should be advanced software that can trace these criminals, other than just to “China”. Gee, that narrows the search to about 1 billion people.
I fear the ultimate consequences of these attacks have yet to be felt. Once the information is there, those hackers who may be government agents themselves from other nations, they have all the time in the world to plot whatever it is they want. What a price for technology.
It’s all fun and games, until the “Red Army” shows up at your door! Repeal 2nd amendment restrictions on federal property. After all, IT’S OUR PROPERTY!!!
Where is that place – – India ? where they HACK your fingers OFF for such a bad deed ! !
Great job Obama, maybe now we can use the 34 spy agencies to protect American rather than spying on political rivals.