US government still not notified staff of personal data compromise, months after the OPM hack
The tardy response of the US government to the Office of Personnel Management (OPM) hack earlier this year continues, with US officials acknowledging they had still not notified affected staff.
The attack, which was detected back in April, hit the OPM, which handles staff records and security clearances, with up to 21.5 million federal employees and contractors thought to have been affected.
However despite the large number of affected staff, the US government has still not notified people that their personal data may have been compromised, according to Reuters.
The OPM reportedly said notifications would continue over several weeks and “will be sent directly to impacted individuals.”
The agency has also hired an contractor called Identity Theft Guard Solutions LLC to help protect the identities and credit ratings of staff whose data was hacked. That contractor is an ID expert and will apparently provide credit and identity monitoring services for three years, as well as identity theft insurance, to affected individuals and dependent children.
US law enforcement has blamed a “foreign entity or government” for the hack, and authorities are looking into a possible Chinese link.
The OPM handles handles security clearances and staff records for federal staff, and the compromised data could include embarrassing personal details, such as arrest records or information about drug use for example.
The breach is thought to be the largest ever compromise of US government data. But this was not the first time that the OPM has been hacked.
Last year it was revealed that the OPM had been hacked in March 2014. The hackers back then targeted the files on tens of thousands of staff who had applied for top-secret security clearances. The hackers back then gained access to some of the agency’s databases, before the federal authorities detected the threat and blocked it. That attack was also traced to China.
A top US intelligence official has also named China as the top suspect in the hack.China has consistenly denied it was involved. But investigators point out that forensic evidence linked the OPM attack to other incidents thought to have been sponsored by China.
In June this year, the OPM said that it had taken its e-QIP system (a web-based platform for completing and submitting background investigation forms) offline while security repairs were implemented.
What do you know about Internet security? Find out with our quiz!