OPM Under Fire Over Data Breach

Hack may be more than four times larger than initially suspected, sources say

By Aliah D. Wright Jun 24, 2015

On June 25, 2015, the U.S. Senate Committee on Homeland Security and Governmental Affairs will hold a public hearing to discuss a massive breach at the federal government’s HR agency, the Office of Personnel Management (OPM).

Officially, OPM isn’t saying how many people were caught up in the data breach. But sources have reportedly told CNN that the data of 18 million people were hacked—including present and former employees and individuals with security clearances, as well as the personnel files of job applicants. Other reports say the hacked information includes the names of the cleared individuals’ contacts with foreign nationals, their families, neighbors, and friends. The number of people affected was initially set at 4 million.

Officials have placed the blame for the attack on China.

During a hearing on June 18, OPM acknowledged that for years it didn’t employ basic security measures to safeguard its computer networks. The massive breach, which occurred in March 2014, was only revealed a few weeks ago.

Since then, Congress has held several hearings on the breach.

Michael Esser, OPM inspector general for audits, told senators that the agency failed to follow practical cybersecurity measures. Not only that, he said those in charge of OPM’s information technology division didn’t have the expertise required to keep data secure.

Esser reportedly told senators the inspector general audited the system and suggested the agency shut down some of its exposed networks, but agency director Katherine Archuleta refused, saying such a closure would hamper the agency’s work.

Lawmakers were outraged.

“You failed utterly and totally,” committee Chairman Jason Chaffetz, R-Utah, said during the hearing. “They recommended it was so bad that you shut it down and you didn't.”

The new hearing, Under Attack: Federal Cybersecurity and the OPM Data Breach, will include the following witnesses: Archuleta; Tony Scott, U.S. chief information officer of OPM; Andy Ozment, assistant secretary, Office of Cybersecurity and Communications of the U.S. Department of Homeland Security; and Patrick E. McFarland, inspector general of OPM.

Aliah D. Wright is an online editor/manager for SHRM. Reach her via Twitter @1SHRMScribe or on Facebook/aliahwrites.


Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect