US Government's HR Department Has Been Hacked, Government Employee Data Leaked

Failures

from the if-you-can't-clean-up-your-own-home... dept

The US government keeps insisting that companies should be giving it information in order to help the government block “cybersecurity” attacks on those companies. In fact, as just reported, the NSA is already scooping up tons of information in trying to spot malicious attacks ahead of time, despite insisting in the past that it wasn’t doing this. However, before everyone starts handing over information to the federal government, shouldn’t we have some sort of evidence that the US government itself actually has some decent cybersecurity skills?

Because it appears that, yet again, there has been a massive data breach, and this time, it’s the US government’s Office of Personnel Management (OPM), which is basically the HR department for the entire federal government. In other words, hackers may have gotten access to the personal information on tons of current and former government employees:

The agency said that in April of 2015 it had identified ?a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information,? although the breach is only being disclosed now. OPM alsos said that it will notify around 4 million people whose personal information ?may have been compromised??although the number is likely to grow since the investigation is ongoing.

Taking the same idiotic, symbolic but pointless, response as the private sector every time there’s a breach, the OPM is promising a some free credit reporting:

To protect employees from identity theft, OPM is giving them free ?credit report access, credit monitoring and identify theft insurance and recovery services,? according to the press release.

?Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,? OPM Director Katherine Archuleta said in a statement.

Actually, that last statement does not appear to be true. As the report at Vice’s Motherboard (linked above) notes, this is the second time in less than a year that this happened, and last time it was determined to be Chinese hackers who broke in — and that’s who is suspected again this time. In which case, “free credit reporting” services are likely to be totally useless. It’s quite likely that whoever hacked in wasn’t doing it to do identity fraud and swipe credit card numbers, but to get useful information for additional, more sophisticated hacks to get access to various government employees’ computers and networks.

So, yeah, if the US government can’t even protect its own systems against these hacks, can someone explain why, again, we’re expected to have companies hand over their own information under the false belief that the government will somehow protect them against attacks as well?

Filed Under: china, cybersecurity, hacked, office of personnel management, opm, us government