Massive OPM Breach Reveals Glaring Vulnerability of Federal IT Systems
The stealthy cyber-attack that resulted in the theft of millions of employee records reveals just how much the U.S. government must do to improve data security.Since the U.S. Office of Personnel Management announced a pair of network breaches this month, Michael Brown, a former admiral in the U.S. Navy, has waited for the notification that his sensitive personal information was stolen in the breach. While the Office of Personnel Management estimated that attackers had stolen the employment and insurance records of some 4.2 million government employees, officials still did not know the extent of a second breach the agency disclosed in mid-June in which attackers apparently gained access to a sensitive database storing the results of the background investigations required to gain clearance for sensitive government positions. A preliminary estimate, based on the Social Security numbers in the database, estimated that the personal details of 18 million people were stolen in the attack that the Obama Administration linked to China. While Brown, now a vice president for security giant RSA, is concerned what the attackers might do with his information, more worrisome is what they might do with the information of people who failed to get a security clearance, he told eWEEK.
"I worry about those folks over the many years who have not received a clearance, they are a prime target," he said. "Because the rationale for them not to get clearance—whether they are still in government or not—the evidence is in that database, and I think that is a major risk for us right now." Details of arrests, drug use, infidelity and poor finances would likely be top targets, Brown said.