OPM hack affected 1 in 15 Americans: What's being done to prevent next attack?

The Office of Personnel Management announced on Thursday new measures to protect federal workers from potential cybersecurity threats.

Susan Walsh/AP
Office of Personnel Management (OPM) director Katherine Archuleta testifies on Capitol Hill in Washington, June 25. The Obama administration says hackers stole Social Security numbers from more than 21 million people and took other sensitive information when government computer systems were compromised. The number affected by the breach is higher than the 14 million figure that investigators gave The Associated Press in June.

The director of the federal government's Office of Personnel Management is resisting pressure to step down following revelations that hackers accessed the personal information of more than 21 million Americans.

"I truly understand the impact this has on our current and former employees, our military personnel and our contractors," she told reporters Thursday.

"Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust," she added.

The Obama administration has so far continued to stand behind OPM Director Katherine Archuleta. The White House is focusing instead on the implementation of additional measures to bolster government cybersecurity and to provide protections for US government staff and other individuals whose data already may have been compromised.

On Thursday, OPM released a series of new steps designed to protect federal workers from future threats.

“Director Archuleta has initiated a comprehensive review of the architectural design of OPM’s IT systems, to identify and immediately mitigate any other vulnerabilities that may exist, and assess OPM’s data sharing and use policies. That review is ongoing,” the OPM announced on its website Thursday.

The cybersecurity breach, which is considered to have been the biggest in US history, may have been a wake-up call for big organizations like the OPM that have failed to properly protect user accounts with privileged access to important data systems from nefarious hackers.

“OPM Director Katherine Archuleta disclosed that in one of the two recently discovered intrusions at the agency, intruders gained access to its systems using a username and password belonging to an external contractor working for the agency,” Monitor correspondent Jaikumar Vijayan wrote in late June.

“The attackers then leveraged that foothold to access a critical database and siphon out sensitive personal data belonging to an estimated 4 million current and former federal workers. Their activity remained hidden from view since it was carried out under the guise of someone with legitimate access rights,” he explained.

The Obama administration has since announced that it has increased its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks, and examining how the government conducts sensitive background investigations.

The administration also launched a new, online cybersecurity resource center to provide information about the OPM incident. In coming months, it plans to hammer out the details of proposals for credit and identity theft monitoring services for all federal employees.

A recent investigation discovered that the White House waited about a month before revealing information about the breaches and their extent to the public. Further investigation into the breaches is ongoing.
