BreachExchange mailing list archives

Three-quarters of U.S. OPM hack victims still in dark


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 3 Nov 2015 19:49:01 -0700

http://townhall.com/news/politics-elections/2015/11/03/threequarters-of-us-opm-hack-victims-still-in-dark-n2075263

Fewer than a quarter of 21 million federal workers hit by a major computer
hack have been officially told that their personal information was
compromised, six months after the breach was detected, a U.S. government
official said on Tuesday.

About 5 million notifications about the hack have been sent out so far, a
spokesperson for the U.S. Office of Personnel Management (OPM) told Reuters
in an email.

The slowness of the notification process underscores Washington's struggles
in dealing with its computer vulnerabilities, a growing problem that the
Obama administration has been trying to address.

After it fell victim to two successive cyberattacks, both begun in 2014 and
revealed earlier this year, OPM was roundly criticized by lawmakers for its
response.

OPM had no immediate additional comment on the matter on Tuesday, or on its
expected notification timetable ahead.

Officials have privately blamed China for the OPM breach.

The Defense Information Systems Agency in September awarded a $1.8 million
contract to Advanced Onion, a technology firm, to help locate and notify
victims of the OPM breach, which exposed names, addresses, Social Security
numbers and other sensitive information of current and former federal
employees and contractors. About 5.6 million fingerprints were pilfered, an
upwardly revised number from an initial estimate of 1.1 million.

The notification process for the smaller of the two breaches, which
affected 4.2 million individuals, raised alarm when victims were asked to
follow instructions online in prompts that some said resembled phishing
scams. Others complained of long wait times with support call centers. That
episode prompted the government to pursue Advanced Onion to deal with the
larger breach, a process that took several months.

It has been six months since the larger OPM hack was detected, and more
than a year and a half since hackers first infiltrated the agency’s
databanks.

In July, OPM Director Katherine Archuleta resigned amid growing scrutiny of
the agency’s cybersecurity practices and its ability to respond to the
breaches.

Officials have offered three years of credit monitoring and identity-theft
monitoring services to hacked employees.

Despite the precaution, a prominent cybersecurity researcher said on Monday
there was no indication any hacked OPM data was for sale on the black
market, reaffirming the likelihood that the hackers were working for a
foreign country.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/