2015-07-12

By SUA Staff – Yet again, sensitive data has been stolen in another breach. Millions more Social Security numbers and personal information are now in whose hands?

That means that more than 25 million American citizens’ private information is no longer private and they are vulnerable to all manner of ills, and it’s not just identity theft.



Social Security numbers, bank accounts, personnel history, private background information, addresses, information about your family, employment history, FBI interviews for clearance.

Just about everything is now out there, and can be used for blackmail, exposing operatives, debts, medical information…

It’s all in the hands of nefarious people and could mean wide-scale damage that could cripple our government, its employees, overseas operations, friends and family, and marriages to name but a few.

Public System Failures

Obama believes “his” appointment of Katherine Archuleta as Office of Personnel Management Director was an excellent choice, but she proved to be inept, and though the White House defended her and she said she wanted to stay, 24 hours later that all changed; she resigned.

Why does this very serious management issue keep repeating itself? Why are government systems so outdated and archaic, especially at the price we pay for these systems? Lack of leadership, example after example, for years, but that does not mean it began solely with Obama.

But once in office, it became Obama’s responsibility to “transform” how government worked; instead, his lack of leadership led to poor oversight, pathetic policy implementation, and failure after failure.



Private System Failures

While the data breach is huge, it is not our only ‘huge’ problem. Just this week we saw how vulnerable our private systems are as well, as United Airlines had to ground all flights worldwide (for 2 hours) over a technical glitch with aging routers.

The same day, mere minutes later, the NYSE (New York Stock Exchange) had to suspend trading for almost four hours because of a software upgrade glitch, immediately said to be unrelated.

Then, with so many investors wanting to know what happened, they turned to the Wall Street Journal to see why and got “504” errors. They were getting a Gateway Timeout error, usually ascribed to too much traffic, we are told by management.

All just a coincidence? These breaches, glitches, human error, archaic systems, crumbling infrastructure, and poor leadership show just how vulnerable we are. Even if it was all just coincidental, imagine an intentional cascading set of failures over a wider scale: nationwide, or for that matter worldwide.

Yet, the most important priorities are ‘Climate Change’, the Iran deal, and a historical flag in South Carolina… where was that call to the Steinle family from the White House?

OPM Announces More Than 21 Million Affected by Second Data Breach

By Kaveh Waddell and Dustin Volz – National Journal

July 9, 2015 More than 21 million Social Security numbers were compromised in a breach that affected a database of sensitive information on federal employees held by the Office of Personnel Management, the agency announced Thursday.

That number is in addition to the 4.2 million Social Security numbers that were compromised in another data breach at OPM that was made public in June. Officials have privately linked both intrusions to China.

Of the 21.5 million records that were stolen, 19.7 million belonged to individuals who had undergone background investigations, OPM said. The remaining 1.8 million records belonged to other individuals, mostly applicants’ families.

The records that were compromised include detailed, sensitive background information, such as employment history, relatives, addresses, and past drug abuse or emotional disorders. OPM said 1.1 million of the compromised files included fingerprints.

Some of the files in the compromised database also include “residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details,” OPM said.

Also included in the database is information from background investigations, as well as usernames and passwords that applicants used to fill out investigation forms.

And although separate systems that store health, financial, and payroll information do not appear to have been compromised, the agency says some mental health and financial information is included in the security clearance files that were affected by the hack.

Besides the 21.5 million individuals who had their Social Security information stolen, OPM says others’ identifying information—such as their names, addresses, and dates of birth—also were compromised.

OPM will provide credit monitoring and identity-theft protection services to the individuals whose Social Security numbers were stolen, but those individuals will be responsible for disseminating information to other people they may have listed on their background check forms.

Those people, whom the government will not contact directly, will not have access to government-bought identity-protection services.

The hack that resulted in the loss of these records began in May 2014, according to OPM Director Katherine Archuleta’s testimony before Congress. It was not discovered until May 2015.

OPM Director Katherine Archuleta resigns after testifying

A security update applied by OPM and the Homeland Security Department in January ended the bulk of the data extraction, according to congressional testimony from Andy Ozment, assistant secretary for cybersecurity and communications at DHS, even though the breach would not be discovered for months.

OPM said Thursday that individuals who underwent background investigations in or after the year 2000 are “highly likely” to have had their information compromised in the breach. (This includes both new applicants and employees that were subject to a “periodic reinvestigation” during that time.)

But those who were investigated before 2000 also may have been affected.

CSID, the contractor that was employed to send out notifications and provide identity protection to the 4.2 million individuals affected by the hack announced in June, will not be involved in the notification process for this data breach, a spokesman for the company said.

Lawmakers and officials criticized CSID for its handling of the earlier notification process, and for making many employees who called in with questions wait on hold for hours. It was not immediately clear what company will handle the next round of notifications.

News of the second intrusion was first reported in June and was described as a potentially devastating heist of government data, as hackers seized extensive security-clearance information from intelligence and military personnel.

OPM said at the time that it became aware of the second hack while investigating the smaller breach.

The size of the second breach exceeds most of the estimates previously reported in various media outlets.

The personnel agency said Thursday that it has not seen any indication that the stolen information has been “misused” or otherwise disseminated.

On Wednesday, FBI Director James Comey refused to provide a specific number when asked by members of the Senate Intelligence Committee about the size of the breach. Comey did say the hack was “enormous,” however, and confirmed that his own data had been compromised.

Several lawmakers in both parties have called for the resignations of Archuleta and Donna Seymour, the chief information officer at OPM, since the data breaches came to light last month.

In a sharp statement Thursday after the numbers were revealed, House Oversight Chairman Jason Chaffetz reiterated his belief that the two “need to resign or be removed” from their posts.

“Since at least 2007, OPM leadership has been on notice about the vulnerabilities to its network and cybersecurity policies and practices,” the Utah Republican said. “Director Archuleta and Ms. Seymour consciously ignored the warnings and failed to correct these weaknesses.

Their negligence has now put the personal and sensitive information of 21.5 million Americans into the hands of our adversaries. Such incompetence is inexcusable. Again, I call upon President Obama to remove Director Archuleta and Ms. Seymour immediately.”

Sen. Mark Warner, who sits on the Senate Select Committee on Intelligence and has been involved in the fallout following the OPM hacks, called for Archuleta to resign.

“The technological and security failures at the Office of Personnel Management predate this director’s term, but Director Archuleta’s slow and uneven response has not inspired confidence that she is the right person to manage OPM through this crisis,” the Virginia Democrat said in a Thursday night statement.

“It is time for her to step down, and I strongly urge the administration to choose new management with proven abilities to address a crisis of this magnitude with an appropriate sense of urgency and accountability.”

Rep. Barbara Comstock added her name to the chorus of lawmakers calling for Archuleta’s swift removal Thursday. The Virginia Republican, who was notified last month that her personal information had been compromised in the hacks due to her previous roles as a federal employee, chided Archuleta for displaying “complacency, apathy … and incompetence” in the wake of the breach.

“It goes to the top,” Comstock said in an interview with National Journal. “This is a failure of leadership on her part, and if the president does not have the leadership to do this, I think she should step aside.”

A handful of Democrats, including Reps. Ted Lieu and Jim Langevin, the cochair of the House cybersecurity caucus, also have called for Archuleta’s ouster.

Lieu and Republican Rep. Steve Russell went a step further Thursday, announcing that they were working on legislation that would move the security-clearance database out of OPM entirely and into the hands of an unspecified agency “that has a better grasp of cyberthreats.”

Archuleta, for her part, has remained resolute in the face of withering scrutiny. During a Thursday press call, the onetime political director for President Obama’s 2012 reelection campaign said she and her staff should be applauded, not condemned, for their efforts to upgrade the agency’s cybersecurity since she took office in November 2013.

“It is because the efforts of OPM and its staff that we’ve been able to identify the breaches,” Archuleta said. When asked directly if she or Seymour would resign, Archuleta replied: “No.”

A White House spokesman reiterated support for the OPM director Thursday, echoing recent statements from White House press secretary Josh Earnest. In mid-June, Earnest said that Obama “has confidence” that Archuleta “is the right person for the job.”

The post Epic Public and Private Failures – 25M People Exposed at OPM appeared first on The SUA Blog | Stand Up America US.
