US OPM breach was preventable

By Dylan Bushell-Embling
Monday, 12 September, 2016

The high-profile data breach involving the theft of information from millions of US federal employees was preventable, a year-long House of Representatives investigation has found.

A damning report from the US House Oversight and Government Reform committee found that the Office of Personnel Management failed to prioritise cybersecurity despite repeated warnings leading up to last year’s breach that their data stores were vulnerable to attack.

The investigation also found that the OPM failed to implement a long-standing federal requirement to use multifactor authentication to control access to the network and misled the public on the extent of the damage of the breach.

Once OPM learned attackers were targeting such sensitive data, even by implementing basic required security controls such as multifactor authentication, the office could have significantly delayed, mitigated or even prevented the theft, the report states.

The report also includes quotes from former intelligence agency officials stating that the breach was “a significant blow” to US national security efforts, and that the damage will take decades to fix.

In an apparent coordinated campaign suspected of being orchestrated by overseas hackers, attackers last year stole the personnel files of 4.2 million former and current government employees as well as security clearance background information on 21.5 million acquaintances of these employees.

The report notes that the type of information stolen could be invaluable for foreign intelligence agencies looking to compromise government employees.

Image credit: ©lollo/Dollar Photo Club