US Government's HR Department Has Been Hacked, Government Employee Data Leaked

from the if-you-can't-clean-up-your-own-home... dept

The agency said that in April of 2015 it had identified “a cybersecurity incident potentially affecting personnel data for current and former federal employees, including personally identifiable information,” although the breach is only being disclosed now. OPM alsos said that it will notify around 4 million people whose personal information “may have been compromised”—although the number is likely to grow since the investigation is ongoing.

To protect employees from identity theft, OPM is giving them free “credit report access, credit monitoring and identify theft insurance and recovery services,” according to the press release.



“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” OPM Director Katherine Archuleta said in a statement.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The US government keeps insisting that companies should be giving it information in order to help the government block "cybersecurity" attacks on those companies. In fact, as just reported, the NSA is already scooping up tons of information in trying to spot malicious attacks ahead of time, despite insisting in the past that it wasn't doing this. However, before everyone starts handing over information to the federal government, shouldn't we have some sort of evidence that the US government itself actually has some decent cybersecurity skills?Because it appears that, yet again, there has been a massive data breach, and this time, it's the US government's Office of Personnel Management (OPM) , which is basically the HR department for the entire federal government. In other words, hackers may have gotten access to the personal information on tons of currentformer government employees:Taking the same idiotic, symbolic but pointless, response as the private sector every time there's a breach, the OPM is promising a some free credit reporting:Actually, that last statement does not appear to be true. As the report at Vice's Motherboard (linked above) notes, this is the second time in less than a year that this happened , and last time it was determined to be Chinese hackers who broke in -- and that's who is suspected again this time. In which case, "free credit reporting" services are likely to be. It's quite likely that whoever hacked in wasn't doing it to do identity fraud and swipe credit card numbers, but to get useful information for additional, more sophisticated hacks to get access to various government employees' computers and networks.So, yeah, if the US government can't even protect its own systems against these hacks, can someone explain why, again, we're expected to have companies hand over their own information under the false belief that the government will somehow protect them against attacks as well?

Filed Under: china, cybersecurity, hacked, office of personnel management, opm, us government