OPM breach?

[zaxrex]

So, if the OPM records were accessed by the Chinese, and they carry out 90% of security clearance investigations, I should have no problem getting a visa to go to China since they have all of my info already, right?

[GaToR]

So, if the OPM records were accessed by the Chinese, and they carry out 90% of security clearance investigations, I should have no problem getting a visa to go to China since they have all of my info already, right?

Homer! Our son joined the army!
Eh. Big deal. By the time Bart's 18 we're gonna control the world. We're China, right?

. . .

What a bleak and horrible future we live in!
Don't you mean "present"?
Right, right. Present.

[Sabre]

lol, have fun turning in that paper work!

[ElZorro]

If you were effected you should receive a letter in the next two weeks.

[Mr Kleen]

If you were affected you should receive fraudulent credit charges in the next two days.

[Mr Kleen]

Report: Hack of government employee records discovered by product demo

Security tools vendor found breach, active over a year, at OPM during sales pitch.

As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM's security. An OPM statement on the attack said that the agency discovered the breach as it had "undertaken an aggressive effort to update its cybersecurity posture." And a DHS spokesperson told Ars that "interagency partners" were helping the OPM improve its network monitoring "through which OPM detected new malicious activity affecting its information technology systems and data in April 2015."

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta and Hughes reported.

And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it's still not even clear what data was accessed by the attackers.

Meanwhile, the breach has triggered outrage from unions representing federal employees. In a letter to OPM Director Katherine Archuleta, American Federation of Government Employees president J. David Cox expressed displeasure at the way OPM had handled the breach, calling the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees "entirely inadequate, either as compensation or protection from harm."

And he expressed concern about the extent of the breach. "Based on the sketchy information OPM has provided, we believe the Central Personnel Data file was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees," he stated. "We believe that the hackers have every affected person's Social Security number(s), military records and veterans' status information, address, birth date, job and pay history, health insurance, life insurance, and pension information; age, gender, race, union status, and more. Worst, we believe the Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous."

Cox demanded that federal employees be allowed to use their government computers "on duty time to attempt to protect themselves from this breach." He said OPM's outsourcing of the responsibility for handling questions about the breach "adds insult to injury," and that federal employees "deserve more than a difficult-to-navigate website and call center contractors who do not know the answers to questions that go beyond a FAQ template."

"AFGE will issue demands to bargain for represented workers, and we ask that you make certain that management is apprised of its responsibility to respond appropriately," he added.

[Mr Kleen]

So, did CyTech get the gig?

LO... L?

[Sabre]

I hope so, lol

[complacent]

the post is claiming it does include security clearance records. oof.

[Mr Kleen]

I'm just going to paint my SSN, DOB, and mother's maiden name on the side of my car...

[Sabre]

Makes me wonder what level of clearances are indicated. It's one thing if it's public trust, it's another if it SCI with A,B,C,D,E, etc.

[HappyIdiot]

Report: Hack of government employee records discovered by product demo

... the 18 months of credit monitoring and $1 million liability insurance OPM is offering federal employees...

Does this mean contractors get the short end of the stick, as usual?

[Sabre]

lol, more than likely

[Mr Kleen]

Do you really have to ask that question?

[ElZorro]

The free credit monitoring isn't going to help when you go to visit China as a tourist and you get disappeared into the back of a black van.

[zaxrex]

Shut
The
Duck
Up
I formally request that I be transported in a white van.

[Mr Kleen]

Now there's rumor that the contract to provide the "credit monitoring" wasn't correctly executed. Just after I entered all my info there. FML...

[ElZorro]

I think I have about 5 layers of free credit monitoring at this point. We need to raise the penalty (and reimbursement to consumers/employees/etc). Companies are doing the math, see giving out free credit monitoring (that at this point is going for like $10/pp in bulk) as cheaper than making security improvements. Everyone is getting hacked, and its not effecting consumer behavior.

[Sabre]

consumer OR company. Agreed, more needs to be done.

[Mr Kleen]

Companies are doing the math, see giving out free credit monitoring (that at this point is going for like $10/pp in bulk) as cheaper than making security improvements.

Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.

Woman on plane: Are there a lot of these kinds of accidents?

Narrator: You wouldn't believe.

Woman on plane: Which car company do you work for?

Narrator: A major one.

[ElZorro]

Oh, that's exactly what's going on. (And I'm reading that book right now too)

[Mr Kleen]

The movie is much, much better. Probably the only time I've ever said that.