OPM May Announce Size of Second Data Breach Next Week

The embattled federal agency is planning to reveal details about a breach of security-clearance information as soon as early next week, according to Hill sources.

National Journal
June 29, 2015, 2:32 p.m.

The Of­fice of Per­son­nel Man­age­ment up­dated con­gres­sion­al staffers Monday on the status of a re­view of its data-se­cur­ity sys­tems, but con­tin­ued to duck ques­tions about the ex­tent of a data breach that af­fected fed­er­al em­ploy­ees’ sens­it­ive back­ground-check data, ac­cord­ing to mul­tiple Hill sources.

OPM and the De­part­ment of Home­land Se­cur­ity held a joint con­fer­ence call with sev­er­al con­gres­sion­al of­fices to brief them on the on­go­ing in­vest­ig­a­tion in­to a pair of massive cy­ber-in­tru­sions dis­closed over the past month that of­fi­cials privately have linked to China.

One con­gres­sion­al staffer said OPM stated on the call that it is plan­ning to an­nounce as soon as next week the size of a second breach of its serv­ers, which ex­posed highly sens­it­ive se­cur­ity-clear­ance in­form­a­tion of in­tel­li­gence and mil­it­ary per­son­nel.

The agency pushed back against any sug­ges­tion that a defin­it­ive timeline was set for a new an­nounce­ment, however. “We will make a pub­lic an­nounce­ment when we have more de­tails to share,” OPM spokes­man Samuel Schu­mach said when asked about the call. “I just don’t know a spe­cif­ic date just yet.”

OPM of­fi­cials on the call said they had not yet reached a fi­nal de­term­in­a­tion about the scope of the second breach, ac­cord­ing to mul­tiple staffers, who would speak only on con­di­tion of an­onym­ity giv­en the sens­it­iv­ity of the call.

The es­tim­ates for the total num­ber of in­di­vidu­als af­fected by the data breach has in­creased in re­cent me­dia re­ports. Last week, CNN re­por­ted that tally could be as high as 18 mil­lion, giv­en that hack­ers had ac­cess to a data­base stor­ing se­cur­ity-clear­ance forms, known as SF-86, which pos­sess a mul­ti­tude of per­son­al in­form­a­tion about fam­ily mem­bers and oth­er close af­fil­i­ates.

Of­fi­cials used the call to dis­cuss the agency’s de­cision to sus­pend use of a Web-based sys­tem to fill out de­tailed back­ground in­vest­ig­a­tions, which it pub­licly an­nounced Monday. That sys­tem has a se­cur­ity flaw that will take sev­er­al weeks to fix, the agency said, but there is no evid­ence that the flaw was ex­ploited.

The of­fi­cials did not say how long the vul­ner­ab­il­ity had ex­is­ted be­fore it was dis­covered, or ex­actly what data was af­fected, ac­cord­ing to one con­gres­sion­al staffer who was on the call.

OPM has con­sist­ently said 4.2 mil­lion former and cur­rent work­ers were af­fected by a first hack of fed­er­al em­ploy­ee data. In testi­mony last week, OPM Dir­ect­or Kath­er­ine Archu­leta re­fused to give an es­tim­ate on how many em­ploy­ees were af­fected by what of­fi­cials have de­scribed as a dis­crete second breach of far more sens­it­ive se­cur­ity-clear­ance in­form­a­tion. The re­fus­al to provide a fig­ure is be­cause the in­vest­ig­a­tion is on­go­ing, Archu­leta said.

It is not yet clear wheth­er the second set of no­ti­fic­a­tions would be sent by the same con­tract­or that was in charge of the first wave of emails and let­ters to the 4.2 mil­lion in­di­vidu­als whose data may have been af­fected by the earli­er data breach at OPM.

That con­tract­or, CSID, was cri­ti­cized by law­makers and fed­er­al em­ploy­ees for send­ing no­ti­fic­a­tions by email that some as­sumed were an­oth­er at­tempt to de­fraud them. Mem­bers of Con­gress have also cited com­plaints about long wait times—up to three hours—for calls placed to the con­tract­or for help.

OPM paid CSID about $20 mil­lion for its no­ti­fic­a­tion ser­vices.

What We're Following See More »
White House Gives Up, Restores Acosta's Press Pass
7 hours ago

"The White House on Monday said that CNN correspondent Jim Acosta's press pass has been 'restored,' bowing to days of pressure and a federal lawsuit against the administration. CNN signaled that it would drop the ongoing litigation over Acosta's access to the White House."

Troops at Border to Begin Withdrawing
7 hours ago

"The 5,800 troops who were rushed to the Southwest border amid President Donald Trump’s pre-election warnings about a refugee caravan will start coming home as early as this week — just as some of those migrants are beginning to arrive. The timing is bound to fuel renewed accusations that the entire exercise amounted to a ploy by the president to use active-duty military forces as a prop to try to stem Republican losses in this month’s midterm elections, despite the absence of any legitimate threat to U.S. national security."

DeGette Drops Bid for Majority Whip
11 hours ago
Nelson Concedes as Scott Takes Florida Senate Seat
1 days ago

"Democratic Sen. Bill Nelson has conceded Florida’s Senate race to his Republican opponent Gov. Rick Scott following a hand recount. ...While there is a run-off still to come in Mississippi, the Scott win makes it most likely the Senate Republicans will hold a 53-47 majority in the 116th Congress."

Trump Says He's Completed Answers to Mueller's Questions
3 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.