OPM Data Breach Undetected For A Year

Since the U.S. Government announced a massive security breach of its federal computer networks at the beginning of June, new information on its origin and spillover effects has made headlines each week. Last week, The Washington Post reported that the hackers, who were reportedly sponsored by the Chinese Government, had had access to U.S. security clearance data since June or early July 2014. That’s a full year.

Jeffrey Wagner, OPM director of information technology security operations, described how the OPM identified strange traffic towards opm.security.org, a domain they knew was not legitimate. Meanwhile, CyTech Services Inc., a cybersecurity firm, claimed that it was the one that discovered the breach during a demo at the OPM.

“This is some of the most sensitive non-classified information I could imagine the Chinese getting access to,” said Stewart Baker, a former senior policy official in the Department of Homeland Security, to The Post.

So the hackers (or the Chinese Government…) had plenty of time to help themselves to juicy information. “The longer you have to exfiltrate the data, the more you can take,” Baker said. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”

According to Reuters, the massive breach, which is feared to have leaked industrial secrets and weapons plans, may have compromised data tied to as many as 4 million current or former federal employees. As of last week, however, it was still unclear exactly how many or which employees were affected by the breach.

Everybody is now looking to OPM for answers while tension is at its peak. In a congressional hearing, OPM Director Katherine Archuleta stated that 10 million intrusion attempts are thwarted, on average, each month. She denounced the “lack of investment in federal IT systems and a lack of efforts in both the public and private sectors to secure our Internet infrastructure.”

The U.S. has been a growing target for Chinese hackers in the past year. In April, 4.2 million employees were affected by another OPM hack. But American companies are also at risk. In February, health insurer Anthem was the victim of a massive data breach exposing 80 million individuals.
