The news continues to pour in about the two-part massive hack into the federal government's Office of Personnel Management (OPM) and the compromise of personal information of millions of present and former federal employees.
Today's Privacy Monday has 3 things you should know about the incident --
To start, Brian Krebs has published a top-notch “tick tock” of events preceding the massive federal breach, followed by his analysis. Check that reporting out on Krebs on Security.
Federal Government Massive Hack Update – “Crown Jewels”
The stories keep coming related to the hacks at the Office of Personnel Management (OPM). We have written about the previous massive cyber intrusion at the OPM – the “HR” office for the federal government – compromising records of more than 4 million current and past federal employees. Late last week, the Obama administration confirmed an Associated Press report that the breach was much larger – or was a different breach – than originally disclosed. The latest hack appears to have compromised the database of security clearance forms and supporting documentation for those federal employees and contractors who have been cleared for access to classified information. The hackers are believed to have stolen records related to the Standard Form-86 used for background checks and it contains highly sensitive personal information.
“30 Day Cybersecurity Sprint” Ordered for Federal Agencies
This may be closing the door after the horse is already out of the barn … but … Tony Scott, the federal government’s Chief Information Officer, has announced a “30-day cybersecurity sprint” aimed at requiring federal agencies to harden security measures and improve the resilience of federal networks. The Sprint Team will consist of representatives from the Department of Homeland Security, the Office of Management and Budget’s E-Gov Cyber and National Security Unit, the National Security Council Cybersecurity Directorate and the Department of Defense. After the review period, Scott announced that he will establish action plans and recommend a federal civilian cybersecurity strategy.
OPM Can Find Some of its Missing Data – on the Dark Web
According to several reports, alleged copies of OPM data have appeared on the dark web.
Security Affairs details a site alleged hawking OPM data and that it “is being traded actively.” Motherboard reports that a database dump it discovered contains over 23,000 government email addresses – more than 9,000 .gov email addresses and almost 12,000 .mil email addresses. There has been no further independent confirmation as yet of the accuracy or source of the report.