The Office of Personnel Management updated congressional staffers Monday on the status of a review of its data-security systems, but continued to duck questions about the extent of a data breach that affected federal employees’ sensitive background-check data, according to multiple Hill sources.
OPM and the Department of Homeland Security held a joint conference call with several congressional offices to brief them on the ongoing investigation into a pair of massive cyber-intrusions disclosed over the past month that officials privately have linked to China.
One congressional staffer said OPM stated on the call that it is planning to announce as soon as next week the size of a second breach of its servers, which exposed highly sensitive security-clearance information of intelligence and military personnel.
The agency pushed back against any suggestion that a definitive timeline was set for a new announcement, however. “We will make a public announcement when we have more details to share,” OPM spokesman Samuel Schumach said when asked about the call. “I just don’t know a specific date just yet.”
OPM officials on the call said they had not yet reached a final determination about the scope of the second breach, according to multiple staffers, who would speak only on condition of anonymity given the sensitivity of the call.
The estimates for the total number of individuals affected by the data breach has increased in recent media reports. Last week, CNN reported that tally could be as high as 18 million, given that hackers had access to a database storing security-clearance forms, known as SF-86, which possess a multitude of personal information about family members and other close affiliates.
Officials used the call to discuss the agency’s decision to suspend use of a Web-based system to fill out detailed background investigations, which it publicly announced Monday. That system has a security flaw that will take several weeks to fix, the agency said, but there is no evidence that the flaw was exploited.
The officials did not say how long the vulnerability had existed before it was discovered, or exactly what data was affected, according to one congressional staffer who was on the call.
OPM has consistently said 4.2 million former and current workers were affected by a first hack of federal employee data. In testimony last week, OPM Director Katherine Archuleta refused to give an estimate on how many employees were affected by what officials have described as a discrete second breach of far more sensitive security-clearance information. The refusal to provide a figure is because the investigation is ongoing, Archuleta said.
It is not yet clear whether the second set of notifications would be sent by the same contractor that was in charge of the first wave of emails and letters to the 4.2 million individuals whose data may have been affected by the earlier data breach at OPM.
That contractor, CSID, was criticized by lawmakers and federal employees for sending notifications by email that some assumed were another attempt to defraud them. Members of Congress have also cited complaints about long wait times—up to three hours—for calls placed to the contractor for help.
OPM paid CSID about $20 million for its notification services.
What We're Following See More »
"Christopher Steele, the former British intelligence officer who wrote the explosive dossier alleging ties between Donald Trump and Russia," says in a new book by The Guardian's Luke Harding that "Trump's land and hotel deals with Russians needed to be examined. ... Steele did not go into further detail, Harding said, but seemed to be referring to a 2008 home sale to the Russian oligarch Dmitry Rybolovlev. Richard Dearlove, who headed the UK foreign-intelligence unit MI6 between 1999 and 2004, said in April that Trump borrowed money from Russia for his business during the 2008 financial crisis."
"The British publicist who helped set up the fateful meeting between Donald Trump Jr. and a group of Russians at Trump Tower in June 2016 is ready to meet with Special Prosecutor Robert Mueller's office, according to several people familiar with the matter. Rob Goldstone has been living in Bangkok, Thailand, but has been communicating with Mueller's office through his lawyer, said a source close to Goldstone."
"Russian Ambassador Sergey Kislyak said on Wednesday that it would take him more than 20 minutes to name all of the Trump officials he's met with or spoken to on the phone. ... Kislyak made the remarks in a sprawling interview with Russia-1, a popular state-owned Russian television channel."