The Office of Personnel Management updated congressional staffers Monday on the status of a review of its data-security systems, but continued to duck questions about the extent of a data breach that affected federal employees’ sensitive background-check data, according to multiple Hill sources.
OPM and the Department of Homeland Security held a joint conference call with several congressional offices to brief them on the ongoing investigation into a pair of massive cyber-intrusions disclosed over the past month that officials privately have linked to China.
One congressional staffer said OPM stated on the call that it is planning to announce as soon as next week the size of a second breach of its servers, which exposed highly sensitive security-clearance information of intelligence and military personnel.
The agency pushed back against any suggestion that a definitive timeline was set for a new announcement, however. “We will make a public announcement when we have more details to share,” OPM spokesman Samuel Schumach said when asked about the call. “I just don’t know a specific date just yet.”
OPM officials on the call said they had not yet reached a final determination about the scope of the second breach, according to multiple staffers, who would speak only on condition of anonymity given the sensitivity of the call.
The estimates for the total number of individuals affected by the data breach has increased in recent media reports. Last week, CNN reported that tally could be as high as 18 million, given that hackers had access to a database storing security-clearance forms, known as SF-86, which possess a multitude of personal information about family members and other close affiliates.
Officials used the call to discuss the agency’s decision to suspend use of a Web-based system to fill out detailed background investigations, which it publicly announced Monday. That system has a security flaw that will take several weeks to fix, the agency said, but there is no evidence that the flaw was exploited.
The officials did not say how long the vulnerability had existed before it was discovered, or exactly what data was affected, according to one congressional staffer who was on the call.
OPM has consistently said 4.2 million former and current workers were affected by a first hack of federal employee data. In testimony last week, OPM Director Katherine Archuleta refused to give an estimate on how many employees were affected by what officials have described as a discrete second breach of far more sensitive security-clearance information. The refusal to provide a figure is because the investigation is ongoing, Archuleta said.
It is not yet clear whether the second set of notifications would be sent by the same contractor that was in charge of the first wave of emails and letters to the 4.2 million individuals whose data may have been affected by the earlier data breach at OPM.
That contractor, CSID, was criticized by lawmakers and federal employees for sending notifications by email that some assumed were another attempt to defraud them. Members of Congress have also cited complaints about long wait times—up to three hours—for calls placed to the contractor for help.
OPM paid CSID about $20 million for its notification services.
What We're Following See More »
"The U.S. Supreme Court on Friday threw out a legal immigrant's drug conviction on the grounds that his lawyer had failed to advise him that he could be deported to his native South Korea if found guilty. The court ruled 6-2 in favor of Jae Lee, who ran two restaurants in Memphis, Tennessee and has lived in the United States since 1982 when he was 12. Despite the ruling, Lee could still be deported if he is tried and convicted again for the drug offense."
The four Senators released a joint statement, saying in part, "There are provisions in this draft that repreesnt an improvement to our current health care system, but it does not appear this draft as written will accomplish the most important promise we made to Americans: to repeal Obamacare and lower their health care costs."
Trump tweeted Thursday afternoon, "With all of the recently reported electronic surveillance, intercepts, unmasking and illegal leaking of information, I have no idea whether there are "tapes" or recordings of my conversations with James Comey, but I did not make, and do not have, any such recordings."