Government still hasn’t notified individuals whose personal data was hacked

Government marches on! Months after the federal government admitted publicly that the personal data of more than 20 million government employees had been hacked, they still have not sent notifications to those millions.

Instead, they’ve turned this into an opportunity to spend taxpayer money for their friends!

The agency whose data was hacked, the Office of Personnel Management (OPM), said the Defense Department will begin “later this month” to notify employees and contractors across the government that their personal information was accessed by hackers. OPM said notifications would continue over several weeks and “will be sent directly to impacted individuals.”

OPM also announced that it hired a contractor to help protect the identities and credit ratings of employees whose data was hacked. In a statement, OPM said it had awarded a contract initially worth more than $133 million to a company called Identity Theft Guard Solutions LLC, doing business as ID experts, for identity theft protections for the 21.5 million victims of the security data breach. The contractor will provide credit and identity monitoring services for three years, as well as identity theft insurance, to affected individuals and dependent children aged under 18, the agency said.

I wonder if Theft Guard Solutions donated campaign money to Obama in order to get the contract. I don’t know, but I wouldn’t be surprised. I also wonder if they are as incompetent at this work as the company the Obama administration hired to build the Obamacare website. I also don’t know this, but I also wouldn’t be surprised if they screw up just as badly.

OPM ignored warnings last year its computers were insecure

An inspector general report last year had advised OPM to shut down many of its computer systems because they were running without sufficient security. The agency ignored that recommendation.

In the audit report published November 12, 2014, OIG found that 11 out of 47 computer systems operated by OPM did not have current security authorizations. Furthermore, the affected systems were “amongst the most critical and sensitive applications owned by the agency.” Two of the unauthorized systems are described in the report as “general support systems” which contained over 65 percent of all OPM computer applications. Two other unauthorized systems were owned by Federal Investigative Services, the organization which handles background investigations in connection with government security clearances. OIG warned bluntly, “any weaknesses in the information systems supporting this program office could potentially have national security implications.”

Because of the volume and sensitivity of the information involved, OIG recommended OPM “consider shutting down systems that do not have a current and valid Authorization.” But OPM declined, saying, “We agree that it is important to maintain up-to-date and valid ATOs for all systems but do not believe that this condition rises to the level of a Material Weakness.”

The head of OPM also claimed in House hearings yesterday that their failure to close these systems down was justified since the hackers were already in the system when the recommendation was made.

In other words, we didn’t do anything to make the system secure, and when hackers broke in it was further justification for not doing anything.

Yeah, let’s put our healthcare under their control also!