OPM breach catches government off guard
Your employer’s human resources department is privy to a lot of information about you. They have your social security number, address, date of birth, salary and pay information. They may even have your bank account information if you have direct deposit, and a photocopy of your driver’s license…since they ALWAYS photocopy your driver’s license for some reason when you start a new job.
None of that personally identifiable information (PII) is the kind of data that you would want strangers to know about you. And you certainly wouldn’t want data thieves to know it.
This might explain why there are 22 million upset people working for the federal government right now.
Back in July, it was disclosed that a single, sophisticated cyberattack utilizing credentials stolen from a contractor – KeyPoint Government Solutions – was used to infiltrate the networks of the Office of Personnel Management (OPM), which functions as the human resources department for the entire federal government.
According to an article by Federal Computer Week, which cites an exclusive report, the breach began in December of 2014 and was not detected until April of 2015. In between, 22 million federal government employees may have had their PII compromised.
The fallout of the incident has been drastic and immediate. The Director of the OPM, Katherine Archuleta, was forced to resign amid allegations that negligence and lack of preparation left agency networks susceptible to attack. And the OPM is currently paying for credit monitoring for federal employees who may have been impacted, which is most likely an unwelcomed cost at a time when the federal government is working to slash budgets and reel in spending.
The size and scope of the OPM breach, how it was perpetuated and what could have been done to avoid it was one of the topics that Authomate CEO, Jeff Schmidt, and Savanture CEO, Doug Howard, discussed in a recent Webinar entitled, “Anatomy of a Breach.”
Click HERE to watch the replay of the “Anatomy of a Breach” Webinar (registration required)
Here is a video from the Webinar which includes Jeff and Doug discussing the OPM breach, how it occurred, what was compromised and what organizational changes could have been made to either prevent the attack or minimize its impact:
To watch the, “Anatomy of a Breach,” Webinar – which dives deep into the breaches that impacted Anthem, JPMorgan Chase, OPM, Starbucks and DropBox – in its entirety, click HERE (registration required).