IT disaster recovery, cloud computing and information security news

Huge data breach impacts US Office of Personnel Management: raises questions

The US Office of Personnel Management (OPM) has issued a statement confirming that a cybersecurity incident affecting its systems and data may have compromised the personal information of many current and former Federal employees.

OPM became aware of the incident in April 2015. The breach itself happened some time earlier, although OPM is vague about exactly when it occurred.

OPM states that: “Since the incident was identified, OPM has partnered with the US Department of Homeland Security’s US Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel. And OPM immediately implemented additional security measures to protect the sensitive information it manages.”

Beginning June 8th and continuing through June 19th, OPM will be sending notifications to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident.

The incident raises various questions:

  • How long ago did the breach occur and how long have compromised records been in the hands of the attackers?
  • If the breach was detected in April 2015, why will it take until June 8th for affected individuals to be informed? The extended delay increases the risk that personal data will be used for the purposes of fraud and identity theft.
  • Why has the OPM published details of exactly when emails will be sent to individuals, along with details of the email address that emails will come from (opmcio@csid.com) as well as giving information about what the email will contain? This simply gives phishers an open door. Federal employees (along with others caught in the crossfire) will receive multiple phishing emails starting on June 8th purportedly coming from the opmcio@csid.com address.
