OPM hack affected 1 in 15 Americans: What's being done to prevent next attack?
The Office of Personnel Management announced on Thursday new measures to protect federal workers' from potential cybersecurity threats.
Office of Personnel Management (OPM) director Katherine Archuleta testifies on Capitol Hill in Washington, June 25. The Obama administration says hackers stole Social Security numbers from more than 21 million people and took other sensitive information when government computer systems were compromised. The number affected by the breach is higher than the 14 million figure that investigators gave The Associated Press in June.
Susan Walsh/AP
The director of the federal government's Office of Personnel Management is resisting pressure to step down following revelations that hackers accessed the personal information of more than 21 million Americans.
"I truly understand the impact this has on our current and former employees, our military personnel and our contractors," she told reporters Thursday.
"Each and every one of us at OPM is committed to protecting the safety and the security of the info that is placed in our trust," she added.
The Obama administration has so far remained behind OPM Director Katherine Archuleta. The White House is focusing instead on the implementation of additional measures to bolster government cybersecurity and to provide protections for US government staff and other individuals whose data already may have been compromised.
On Thursday, OPM released a series of new steps designed to protect federal workers from future threats.
“Director Archuleta has initiated a comprehensive review of the architectural design of OPM’s IT systems, to identify and immediately mitigate any other vulnerabilities that may exist, and assess OPM’s data sharing and use policies. That review is ongoing,” the OPM announced on its website Thursday.
The cybersecurity breach, which is considered to have been biggest in US history, may have been a wakeup for big organizations like the OPM that have failed to properly protect user accounts with privileged access to important data systems from nefarious hackers.
“OPM Director Katherine Archuleta disclosed that in one of the two recently discovered intrusions at the agency, intruders gained access to its systems using a username and password belonging to an external contractor working for the agency,” Monitor correspondent Jaikmar Vijayan wrote in late June.
“The attackers then leveraged that foothold to access a critical database and siphon out sensitive personal data belonging to an estimated 4 million current and former federal workers. Their activity remained hidden from view since it was carried out under the guise of someone with legitimate access rights,” he explained.
The Obama administration has since announced that it has increased its cybersecurity efforts by proposing new legislation, urging private industry to share more information about attacks, and examining how the government conducts sensitive background investigations.
The administration also launched a new, online cybersecurity resource center to provide information about the OPM incident. In coming months, it plans to hammer out the details of proposals for credit and identity theft monitoring services for all federal employees.
A recent investigation discovered that the White House waited about a month before revealing information about the breaches and their extent to the public. Further investigation into the breaches is ongoing.