Privacy Monday - June 15, 2015 - OPM Hack

By Cynthia J. Larose

The news continues to pour in about the two-part massive hack into the federal government's Office of Personnel Management (OPM) and the compromise of personal information of millions of present and former federal employees.

Today's Privacy Monday has 3 things you should know about the incident --

To start, Brian Krebs has published a top-notch “tick tock” of events preceding the massive federal breach, followed by his analysis.   Check that reporting out on Krebs on Security.

Federal Government Massive Hack Update – “Crown Jewels”

The stories keep coming related to the hacks at the Office of Personnel Management (OPM).   We have written about the previous massive cyber intrusion at the OPM – the “HR” office for the federal government – compromising records of more than 4 million current and past federal employees.   Late last week, the Obama administration confirmed an Associated Press report that the breach was much larger – or was a different breach – than originally disclosed. The latest hack appears to have compromised the database of security clearance forms and supporting documentation for those federal employees and contractors who have been cleared for access to classified information.   The hackers are believed to have stolen records related to the Standard Form-86 used for background checks and it contains highly sensitive personal information.

Read more – Newly disclosed hack got “crown jewels – Politico

Sex, lies, and debt potentially exposed by the latest hack of US data from China – Business Insider

Hack of OPM reportedly exposed second set of much more sensitive data - arstechnica

“30 Day Cybersecurity Sprint” Ordered for Federal Agencies

This may be closing the door after the horse is already out of the barn … but … Tony Scott, the federal government’s Chief Information Officer, has announced a “30-day cybersecurity sprint” aimed at requiring federal agencies to harden security measures and improve the resilience of federal networks. The Sprint Team will consist of representatives from the Department of Homeland Security, the Office of Management and Budget’s E-Gov Cyber and National Security Unit, the National Security Council Cybersecurity Directorate and the Department of Defense. After the review period, Scott announced that he will establish action plans and recommend a federal civilian cybersecurity strategy.

Read more – White House rushes to strengthen cyber defenses as hack fallout grows – The Hill

White House tells agencies to tighten up cyber defenses “immediately” – Nextgov

OPM Can Find Some of its Missing Data – on the Dark Web

According to several reports, alleged copies of OPM data have appeared on the dark web.

Security Affairs details a site alleged hawking OPM data and that it “is being traded actively.” Motherboard reports that a database dump it discovered contains over 23,000 government email addresses – more than 9,000 .gov email addresses and almost 12,000 .mil email addresses. There has been no further independent confirmation as yet of the accuracy or source of the report.

 

 

 

 

Subscribe To Viewpoints

Published

Viewpoint Topics

Professionals

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.