OPM May Announce Size of Second Data Breach Next Week

The embattled federal agency is planning to reveal details about a breach of security-clearance information as soon as early next week, according to Hill sources.

National Journal
June 29, 2015, 2:32 p.m.

The Of­fice of Per­son­nel Man­age­ment up­dated con­gres­sion­al staffers Monday on the status of a re­view of its data-se­cur­ity sys­tems, but con­tin­ued to duck ques­tions about the ex­tent of a data breach that af­fected fed­er­al em­ploy­ees’ sens­it­ive back­ground-check data, ac­cord­ing to mul­tiple Hill sources.

OPM and the De­part­ment of Home­land Se­cur­ity held a joint con­fer­ence call with sev­er­al con­gres­sion­al of­fices to brief them on the on­go­ing in­vest­ig­a­tion in­to a pair of massive cy­ber-in­tru­sions dis­closed over the past month that of­fi­cials privately have linked to China.

One con­gres­sion­al staffer said OPM stated on the call that it is plan­ning to an­nounce as soon as next week the size of a second breach of its serv­ers, which ex­posed highly sens­it­ive se­cur­ity-clear­ance in­form­a­tion of in­tel­li­gence and mil­it­ary per­son­nel.

The agency pushed back against any sug­ges­tion that a defin­it­ive timeline was set for a new an­nounce­ment, however. “We will make a pub­lic an­nounce­ment when we have more de­tails to share,” OPM spokes­man Samuel Schu­mach said when asked about the call. “I just don’t know a spe­cif­ic date just yet.”

OPM of­fi­cials on the call said they had not yet reached a fi­nal de­term­in­a­tion about the scope of the second breach, ac­cord­ing to mul­tiple staffers, who would speak only on con­di­tion of an­onym­ity giv­en the sens­it­iv­ity of the call.

The es­tim­ates for the total num­ber of in­di­vidu­als af­fected by the data breach has in­creased in re­cent me­dia re­ports. Last week, CNN re­por­ted that tally could be as high as 18 mil­lion, giv­en that hack­ers had ac­cess to a data­base stor­ing se­cur­ity-clear­ance forms, known as SF-86, which pos­sess a mul­ti­tude of per­son­al in­form­a­tion about fam­ily mem­bers and oth­er close af­fil­i­ates.

Of­fi­cials used the call to dis­cuss the agency’s de­cision to sus­pend use of a Web-based sys­tem to fill out de­tailed back­ground in­vest­ig­a­tions, which it pub­licly an­nounced Monday. That sys­tem has a se­cur­ity flaw that will take sev­er­al weeks to fix, the agency said, but there is no evid­ence that the flaw was ex­ploited.

The of­fi­cials did not say how long the vul­ner­ab­il­ity had ex­is­ted be­fore it was dis­covered, or ex­actly what data was af­fected, ac­cord­ing to one con­gres­sion­al staffer who was on the call.

OPM has con­sist­ently said 4.2 mil­lion former and cur­rent work­ers were af­fected by a first hack of fed­er­al em­ploy­ee data. In testi­mony last week, OPM Dir­ect­or Kath­er­ine Archu­leta re­fused to give an es­tim­ate on how many em­ploy­ees were af­fected by what of­fi­cials have de­scribed as a dis­crete second breach of far more sens­it­ive se­cur­ity-clear­ance in­form­a­tion. The re­fus­al to provide a fig­ure is be­cause the in­vest­ig­a­tion is on­go­ing, Archu­leta said.

It is not yet clear wheth­er the second set of no­ti­fic­a­tions would be sent by the same con­tract­or that was in charge of the first wave of emails and let­ters to the 4.2 mil­lion in­di­vidu­als whose data may have been af­fected by the earli­er data breach at OPM.

That con­tract­or, CSID, was cri­ti­cized by law­makers and fed­er­al em­ploy­ees for send­ing no­ti­fic­a­tions by email that some as­sumed were an­oth­er at­tempt to de­fraud them. Mem­bers of Con­gress have also cited com­plaints about long wait times—up to three hours—for calls placed to the con­tract­or for help.

OPM paid CSID about $20 mil­lion for its no­ti­fic­a­tion ser­vices.

What We're Following See More »
CNN DROPS LITIGATION
White House Gives Up, Restores Acosta's Press Pass
7 hours ago
THE LATEST

"The White House on Monday said that CNN correspondent Jim Acosta's press pass has been 'restored,' bowing to days of pressure and a federal lawsuit against the administration. CNN signaled that it would drop the ongoing litigation over Acosta's access to the White House."

Source:
WAS IT A POLITICAL PLOY?
Troops at Border to Begin Withdrawing
7 hours ago
THE LATEST

"The 5,800 troops who were rushed to the Southwest border amid President Donald Trump’s pre-election warnings about a refugee caravan will start coming home as early as this week — just as some of those migrants are beginning to arrive. The timing is bound to fuel renewed accusations that the entire exercise amounted to a ploy by the president to use active-duty military forces as a prop to try to stem Republican losses in this month’s midterm elections, despite the absence of any legitimate threat to U.S. national security."

Source:
CLEARS THE WAY FOR CLYBURN
DeGette Drops Bid for Majority Whip
11 hours ago
THE LATEST
MISSISSIPPI RUNOFF IS ALL THAT REMAINS
Nelson Concedes as Scott Takes Florida Senate Seat
1 days ago
THE LATEST

"Democratic Sen. Bill Nelson has conceded Florida’s Senate race to his Republican opponent Gov. Rick Scott following a hand recount. ...While there is a run-off still to come in Mississippi, the Scott win makes it most likely the Senate Republicans will hold a 53-47 majority in the 116th Congress."

Source:
BUT NOT SUBMITTED THEM
Trump Says He's Completed Answers to Mueller's Questions
3 days ago
THE LATEST
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login