Lesson to Learn from the OPM Breach

As we stated in our previous blog, “Tech Updates Summer 2015 – What Happened?“, the Office of Personnel Management experienced a breach in security this summer. This was the second of two different attacks OPM has faced within the last 2 years. This second attack was discovered in April of 2015. It was determined that personnel data of 4.2 million current and formal Federal government employees had been stolen. This data includes full names, date of birth, home addresses and Social Security Numbers. Upon further investigation in June 2015, it was determined that further information and personal data was compromised.

OPM_Data_BreachThis data included background investigation records of current, former and prospective Federal employees and contractors. Incident Response Teams have concluded the following:

21.5 million individuals SSNs have been stolen from databases

This includes 19.7 that applied for background checks and 1.8 million non-applicants (spouses or co habitants of applicants)

Applicants User Names and Passwords were also stolen

  • million individuals also had fingerprints included on their applications.

The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have been investigating these incidents and are diligently working to create preventative methods. These incident report teams, the DHS and the FBI are confident that “no new significant information about exfiltration will be found regarding these incidents.”

To learn more about how you may be affected and what you can do if you were, visit https://www.opm.gov/cybersecurity.

Reactive Response:
OPM announced this summer that they were taking steps to protect federal workers from other cyber threats. OPM highlights the below steps for improvement:

  1. Providing a comprehensive suite of monitoring and protection services for background investigation applicants and non-applicants who’s Social Security Numbers, and in many cases other sensitive information
  2. Helping other individuals who had other information included on background investigation forms
  3. Establishing an online cyber-security incident resource center
  4. Establishing a call center to respond to questions
  5. Protecting all Federal Employees

This full press release can be read here.

Aftermath and Continued Issues:

Wired also notes the potential for Blackmail with this breach. SF-86 forms were part of the breached data. These forms include financial information, reasons for past terminations, criminal history, as well as psychological background and past drug use. Wired also states that OPM did not have an IT Security staff until 2013. Investigation has shown careless measures for tracking equipment, inventory and encryption measures. This highly demonstrates the need for an IT security team.  http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/

Lesson to Learn?:

Don’t let your IT Security fall to the wayside. Catastrophic and huge business impacting results can occur with no security strategy. Data breaches become more and more of a threat each passing day. The best way to try and counter these breaches is to be proactive. If OPM had an IT security staff, it’s hard not to imagine if this could have happened. When it comes to security, compliance and your data, being reactive isn’t an option.

Contact Orion and ask about our Managed Security Service Offerings. Our Security experts can help your business, employees and customers remain secure and complaint.


By | 2017-03-24T13:47:45-04:00 September 23rd, 2015|Uncategorized|

About the Author: