Congress Demands Details on OPM Breaches
Inquiries from Congress and at least five lawsuits are the latest ramifications of the massive Office of Personnel Management security breaches, which affected some 21.5 million current and former federal employees including NCUA personnel.
House Oversight Committee Chairman Jason Chaffetz (R-Utah) sent a letter to the U.S. Computer Emergency Readiness Team on Wednesday requesting the precise dates for when the OPM contacted US-CERT.
This letter comes almost two months after the breach and follows several congressional hearings. The Oversight Committee itself held three hearings in June and July.
“Even after these hearings, fundamental questions about the detection and the breach and OPM’s response remain,” Chaffetz’s letter read.
In his correspondence, Chaffetz asked OPM officials to turn over all internal OPM documents “referring or relating” to the agency’s discovery of the unauthorized access of security manuals. He also said he wants specifics on the types of security documents that were stolen by hackers. Chaffetz requested a response by Sept. 1.
In June and July, the OPM discovered two separate but related cybersecurity breach incidents, which exposed the personal data of current and former Federal government employees, contractors and others. The OPM blamed the attack on Chinese hackers.
Hackers acquired 21.5 million SF-86 forms submitted by applicants seeking security clearances with the federal government. These 127-page forms contained, among other things, the names of friends, relatives and associates of the applicants as well as personal financial information.
Some security analysts speculated that as many as 275 million people were impacted by the OPM breaches.
In addition, the OPM breach has resulted in at least five class action lawsuits filed against the agency, two of which were filed by the American Federation of Government Employees and the National Treasury Employees Union.
Earlier this week, Teresa J. McGarry, who works as an administrative law judge for the Social Security Administration, filed a lawsuit, which seeks class action status against OPM, the U.S. Department of Homeland Security and KeyPoint Government Solutions, which is the largest provider of background check services for the U.S. government.
McGarry's lawsuit alleges that OPM failed in its duty to maintain and safeguard the data that was in its care.
Her lawsuit also focuses on the Department of Homeland Security and its administration of a so-called Einstein intrusion detection system.
"The system was created to detect and prevent intruders from compromising the cybersecurity of federal governmental databases, including those housed at OPM and other governmental agencies," McGarry’s lawsuit read. "DHS failed as Einstein did not prevent intruders from breaching the OPM network and extracting sensitive files pertaining to millions of current, former and prospective federal employees and contractors."