Showing posts with label OPM. Show all posts
Showing posts with label OPM. Show all posts
Saturday, July 11, 2015
Friday, July 10, 2015
[VIDEO] [BREAKING] OPM director Katherine Archuleta resigns in wake of data breach
U.S. personnel chief Katherine Archuleta resigned Friday in the wake of massive data breach that allowed hackers to steal the records of more than 21 million people under her watch, Fox News confirmed.
Archuleta submitted her resignation to President Obama Friday morning. Her resignation is effective at the close of business today.
She will be replaced by Beth Cobert, who currently works in the White House budget office, White House sources told Fox News.
"This is the absolute right call,” House Oversight and Government Reform Chairman Jason Chaffetz said in a written statement following the announcement. “OPM needs a competent, technically savvy leader to manage the biggest cybersecurity crisis in this nation's history. The IG has been warning about security lapses at OPM for almost a decade. This should have been addressed much, much sooner but I appreciate the President doing what's best now.”
Calls for Archuleta to go grew in recent weeks following a massive government data breach on her watch.
Less than 24 hours earlier, Archuleta had rebuffed demands that she resign, telling reporters she had no intention of leaving and that her agency was doing everything it could to address concerns about the safety of data in its hands.
But on Friday morning, Archuleta told Obama it was best for her to step aside to let new leadership respond to the recent breaches and to improve systems to lessen risks in the future.
White House spokesman Josh Earnest insisted Friday that Archuleta submitted her resignation at her own volition, and added it is "quite clear" to the president that new leadership at OPM is desperately needed.
In a statement, Archuleta made no direct reference to the data breach, saying only that she believed it was best to allow the agency to "move beyond the current challenges." She praised the agency's employees as "some of the most dedicated, capable and hardworking individuals in the federal government."
"I have complete confidence in their ability to continue fulfill OPM's important mission of recruiting, retaining and honoring a world-class workforce to serve the American people," Archuleta said.
Archuleta's position appeared to become unsustainable given the scope of the data breach and the mounting calls from lawmakers in both parties for her to resign. On Thursday, within hours of the Obama administration releasing new details about the scope of the breach, House Republican leaders demanded new leadership in the agency, and a number of Democrats followed.
California Rep. Adam Schiff, the senior Democrat on the House Intelligence Committee, said Archuleta's resignation "will help to restore confidence in an agency that not only poorly defended sensitive data of millions of Americans but struggled to respond to repeated intrusions."
"This change in leadership is also an acknowledgement that we cannot simply place blame on the hackers, but need to take responsibility for the protection of personal information that is so obvious a target," Schiff said.
Thursday, July 9, 2015
[BREAKING] OPM Announces More Than 21 Million Affected by Second Data Breach
More than 21 million Social Security numbers were compromised in a breach that affected a database of sensitive information on federal employees held by the Office of Personnel Management, the agency announced Thursday.
That number is in addition to the 4.2 million social security numbers that were compromised in another data breach at OPM that was made public in June.
Of the 21.5 million records that were stolen, 19.7 million belonged to individuals who had undergone background investigation, OPM said. The remaining 1.8 million records belonged to other individuals, mostly applicants' families.
The records that were compromised include detailed, sensitive information about the individuals, including fingerprint data. OPM says 1.1 million compromised files included fingerprints.
Beyond the fingerprints and Social Security numbers, some of the files in the compromised database included "residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details," OPM said.
Some records included "findings from interviews conducted by background investigators," and some included the usernames and passwords that applicants used to fill out investigation forms. And although separate systems that store health, financial, and payroll information do not appear to have been compromised, the agency says some mental health and financial information is included in the security clearance files that were affected by the hack.
This data breach, which officials have privately linked to China, began in May 2014, according to OPM Director Katherine Archuleta's testimony before Congress. It was not discovered until May 2015.
A security update applied by OPM and the Department of Homeland Security in January 2015 ended the bulk of the data extraction, according to congressional testimony from Andy Ozment, assistant secretary for cybersecurity and communications at DHS, even though the breach would not be discovered for months.
An OPM statement said that individuals who underwent background investigations in or after the year 2000 are "highly likely" to have had their information compromised in the breach. (This includes both new applicants and employees that were subject to a "periodic reinvestigation" during that time.) But those who were investigated before 2000 may also have been affected.
News of the second intrusion was first reported in June and was described as a potentially devastating heist of government data, as hackers seized extensive security-clearance information intelligence and military personnel. OPM said at the time that it became aware of the second hack while investigating the smaller breach that affected 4.2 million, which was disclosed earlier in June.
The size of the breach exceeds most of the estimates previously reported in various media outlets, including CNN, which said last month that the FBI believed 18 million people had been affected by the hack.
The personnel agency said Thursday that it has not seen any indication that the stolen information has been "misused" or otherwise disseminated.
Saturday, July 4, 2015
Feds Get Serious Over Computer Hacking: Charges Pending In OPM Baseball Team’s Data Breach
Federal investigators are recommending charges against at least one St. Louis Cardinals employee for allegedly intruding on a rival baseball team’s database, a report says.
The investigation accuses one or more Cardinals employees of accessing a Houston Astros database tracking player development, according to CNN.
It is also probing whether senior Cardinals management was aware of the spying.
Federal investigators are recommending charges against at least one St. Louis Cardinals employee for allegedly intruding on a rival baseball team’s database, a report says.
The investigation accuses one or more Cardinals employees of accessing a Houston Astros database tracking player development, according to CNN.
It is also probing whether senior Cardinals management was aware of the spying.
CNN said one or more Cardinals front-office staffers might have violated federal law by accessing the Astros’ database, known as Ground Control.
The potential breach came after former Cardinals employee Jeff Luhnow left to be Houston’s general manager.
The investigation accuses the Cardinals of then unfairly prying into the Astros’ database amid concerns Luhnow had taken the Cardinals’ proprietary information to his new employer.
Luhnow has told investigators the Astros generated their own database system independently of his previous work in St. Louis.
Friday’s report follows the Cardinals’ announcement earlier this week that it had fired Chris Correa, the team’s director of scouting.
Correa was one of the investigation’s targets, CNN reported.
Cardinals General Manager John Mozeliak refused comment on his former employee’s release Thursday.
“I can confirm he was on administrative leave and was terminated yesterday,” he said Friday.
“I think, at this time, it’s just best to understand that it’s an open investigation and any other comments are not in anybody’s best interest,” Mozeliak added.
CNN said the FBI’s Houston office has completed its inquiry and is now awaiting action from the U.S. Attorney’s office.
The FBI’s Houston branch declined additional insight on its efforts.
“The FBI aggressively investigates all potential threats to public and private sector systems,” said FBI spokeswoman Shauna Dunlap.
“Once our investigations are complete, we pursue all appropriate avenues to hold accountable those who pose a threat in cyberspace,” she added.
Thursday, July 2, 2015
Congress’s ObamaCare ‘Small Business’ Fraud
Americans fed up with the unbridled arrogance of the nation’s “ruling class” are about to be further infuriated.
As American Commitment president Phil Kerpen reveals, there’s yet another outrageous scandal occurring on Capitol Hill, where the House and Senate have falsely certified themselves as small businesses so they can fund themselves and their staffs with taxpayer-funded health insurance—sidestepping ObamaCare provisions in the process. “They conspired to break the law,” Kerpen told Front Page.
In an interview with Newsmax TV, Kerpen reminded viewers that Americans had “demanded” Congress enter the healthcare exchanges like everyone else. Nevertheless, when the time came for members of Congress and their staffs to be subjected to the very same law they imposed on the public, “members of Congress of both parties didn’t want to do it,” Kerpen noted. “They didn’t want to lose taxpayer funding for their premiums for themselves and their staff.”
To avoid being treated like every other American, members of Congress cut a deal with President Obama. He obliged them with an Office of Personnel Management (OPM) rule change in 2013, insulating these insiders from the premium increases of between $5000 and $10,000 per person they would have otherwise faced if they were forced give up their taxpayer-subsidized policies and buy their insurance through the ObamaCare exchanges. The change was instituted because Senator Chuck Grassley (R-IA) had inserted a provision in ObamaCare stating that members of Congress and their staffs had to be covered by plans “created” by the Affordable Care Act or “offered through an exchange.” “That was probably the only good provision they put in the bill,” Kerpen remarked to FP.
And though they managed to wiggle their way around that provision, Congress still had a problem, because individual exchanges contained no mechanism for employer contributions. So Congress filed falsified documents containing the ludicrous claim that the House and Senate each have less than 50 employees, allowing them to qualify under the “small business” provisions contained in the healthcare bill. The sheer audacity of that claim is belied by the reality that more than 13,700employees have signed up for the plan. “What they did is they lied,” Kerpen explained. “They filed false documents, one claiming the U.S. House of Representatives has less than 50 employees, another claiming the U.S. Senate has less than 50 employees.”
The falsifications contained in the documents were outrageous. As National Review’s Brendan Bordelon reveals, the “application said Congress employed just 45 people. Names were faked; one employee was listed as ‘First Last,’ another simply as ‘Congress,’” he writes.
Via: Canada Free Press
Continue Reading....
Tuesday, June 30, 2015
The OPM Hack and Obama’s Politicization of the Federal Bureacracy
By now, it’s clear that hackers — believed to be tied to the Chinese government – stole files from the Office of Personnel Management that amount to a giant “how to blackmail anyone in the federal government” manual. This was America’s “cyber 9/11,” exposing an administration full of true believers in the expansion of government who can’t handle the most basic tasks of secret-keeping.
How does a government failure so consequential — a foreign power accessing 18 million confidential records, including the intimate personal details of federal workers’ infidelity, drug abuse, and personal debts uncovered during the background-check process for security clearances — happen?
For many Obama critics on and off the Hill, the answer lies in a troubling pattern of incompetent management from Obama appointees selected more for their political loyalty than for their expertise, skill, or leadership abilities.
RELATED: Why Are We Ignoring a Cyber Pearl Harbor? Before becoming the head of OPM,
Katherine Archuleta had no background in the kind of work the agency does. Archuleta, a lawyer and former Clinton administration official, was national political director for President Obama’s reelection campaign. She served as the chief of staff to Secretary of Labor Hilda SolÃs, and was the City of Denver’s lead planner for the 2008 Democratic National Convention. Like the president, she has roots in “community organizing”: She co-founded the Latina Initiative, a Colorado organization aimed at getting more Hispanic voters involved in politics. (In 2011, the Latina Initiative suspended its operations, citing insufficient funding.) Nothing in this record suggests any expertise in the vitally important human resources and record-keeping functions OPM is supposed to serve.
Before the hack, Archuleta’s primary goals at OPM appeared to be increasing the diversity of the federal workforce and implementing Obamacare’s changes to federal workers’ health-insurance options.
Sunday, June 28, 2015
GOP lawmakers call on Obama to fire OPM chief after massive data breach
WASHINGTON – House Oversight and Government Reform Committee Chairman Jason Chaffetz, along with 17 other Republican lawmakers, on Friday called on President Obama to fire the embattled officials whose agency fell victim to a massive hack exposing federal employee data and security clearance information.
Echoing statements he recently made at a House hearing, Chaffetz and the other lawmakers blamed Katherine Archuleta, director of the Office of Personnel Management, for the breach that’s been described as one of the worst in U.S. history. Chief Information Officer Donna Seymour should also be dismissed, a letter to Obama states.
“Simply put, the recent breach was entirely foreseeable, and Director Archuleta and CIO Donna Seymour failed to take steps to prevent it from happening despite repeated warnings,” the two-page letter states.
Officials are still exploring the extent of the breach. Though it was initially reported that about 4 million people were affected, lawmakers have since been told a pair of hacks are expected to affect at least 18 million -- and as many as 30 million.
According to the Inspector General’s FY 2014 audit, 11 out of 47 major information systems at OPM lacked proper security authorization. Five of those systems were under Seymour.
Saturday, June 27, 2015
GUEST EDITORIAL: Federal data breach so much worse
From The Dallas Morning News
As suspected or feared, the foreign hacking of U.S. government personnel data is far more expansive — and devastating — than originally admitted. This, no doubt, is why U.S. Rep. Michael McCaul, R-Texas, called it “the most significant breach of federal networks in U.S. history.”
Initially estimated at affecting 4 million current or former government workers, the damage could be up to 14 million or more — including military and intelligence employees.
That shifted the comparison from annoying private-sector hacks like a Target or Home Depot to something that could endanger lives. …
What this hack apparently exposed was virtually every Standard Form 86 filled out by current and former government employees.
This 127-page form demands an applicant’s personal information, as well as details of relations, friends and current and former professional contacts.
Losing control of this information is potentially far more devastating than a stolen Social Security number, although millions of those are now in foreign hands, too.
It takes little imagination to see Chinese hackers using such breached data to track down relatives of U.S. officials abroad or scraping up evidence of love affairs or drug abuse that could be used to blackmail Americans in the field or possibly reveal covert operatives.
Officially, China has denied involvement.
“The potential loss here is truly staggering and, by the way, these records are a legitimate foreign intelligence target,” said retired Gen. Michael Hayden, a former CIA and NSA director. “This isn’t shame on China. This is shame on us.”
Indeed, the government was told of Office of Personnel Management’s systemic vulnerability eight years ago and apparently did little about it. According to an Ars Technica report, OPM had no IT staff until 2013.
It also had little idea about the scale of the data on its servers or how it was organized. Malware injected onto its network probably did its dirty work for a year or longer and reportedly was discovered only by chance during a product demonstration.
Some critics have labeled the hack as America’s cyber Pearl Harbor, and parallels to pre-Dec. 7, 1941, complacency are daunting.
What’s stolen is lost — and will endanger U.S. personnel for years — but the government must use this massive failure as a guide to better allocate resources and target security spending. Cyber-threats like this one will only intensify; so, too, must U.S. defenses.
Thursday, June 25, 2015
[VIDEO] OPM HEAD UNSURE OF FILES IT MAINTAINS, HOW MANY PEOPLE’S INFORMATION EXPOSED
Office of Personnel Management Director (OPM) Katherine Archuleta was unsure of how many employees and retirees’ information her agency oversees and might have been breached in testimony before the House Oversight Committee on Wednesday.
Archuleta was asked by Chairman
Rep. Jason Chaffetz (R-UT)
80%
how many federal employees and retirees her agency has personally identifiable information for. She responded, “We have 2.7 individuals who are full-time employees, and 2.4 who are –” before Chaffetz cut her off to say, “No, I asked you — you have personal, identifiable information for how many employees and retirees?”
Archuleta continued, “The number I just gave you includes the number of employees and retirees, and personally identifiable information within those files depends on whether they’ve had a background investigation or whether their personnel file –” Chaffetz again cut in, asking, “How many records do you have?”
Archuleta then told Chaffetz she will ask someone else, he told Archuleta that as the head of the agency, she should know. He then read a letter she wrote the Appropriations chairs in the House and the Senate that said her agency had the personal, identifiable information for 32 million federal employees and retirees. Chaffetz then asked, “Are you here to tell me that that information is all safe or is it potentially 32 million records that are at play here?”
She answered, “As I mentioned to you earlier in my testimony, Mr. Chairman, we’re reviewing the number, and the scope of the breach and the impact to all of the records.” Chaffetz asked, “So, it could be as high as 32 million? Is that right?” He was told that Archuleta “will not give a number that is not completely accurate.”
Chaffetz continued to press the issue, stating he was only asking for a range, not an exact number and wondering if 32 million people’s information could be exposed. “I’m not going to give you a number that I am not sure of.”
Chaffetz then asked, “And when they fill out the SF86, that would include other people that identified within those forms, correct?” Archuleta answered that this was correct. He then asked if there was an average number of people who are identified on an SF86, to which he was told that there is no average that Archuleta knows of.
The questioning concluded with Chaffetz asking, “When you asked for $32 million more in your budget request, it was because you had 32 million federal employees identified, and former employees, correct?” Archuleta answered, “That — the number of employees that we have, yes, we’re asking for support for our cybersecurity –
Monday, June 22, 2015
After the Power Grabs: Gov Doesn’t Care What Happens to Us – It’s On to the Next Grabs
How many times has government royally messed up something? And not fired anyone? Or done anything that remotely resembles improving their performance?
Oh so very often. In part because they don’t care – once they have the power, they don’t care what happens to us. In part because they are too busy planning their next grabs.
A pristine example?
First the government must own up to its failure. Then the feds should follow this plan to fix it.
Good luck with that.
Except:
Did government yet again ignore the rules they mandate we follow?
At least the government immediately realized the breach, right?
The considerable lag time between breach and discovery means that the adversary had more time to pull off a cyber-heist of consequence….
Well it’s just the one, right?
The second intrusion “involved a different system and a different set of data, and I think you could logically conclude that … a larger amount of data and information was potentially affected,” (White House spokesman Josh) Earnest said.
Government vigilance – there’s nothing like it.
FlashCritic: China Gets Pass from Obama on ‘Devastating’ OPM Hack to Preserve Strategic Dialogue and Summit
The Obama administration continues to play down one of the nation’s most damaging Chinese cyber espionage operations in order to maintain a dialogue with China and host a summit for its leader this fall.
Weeks after the discovery that millions of personal records on federal workers was stolen by Chinese hacker in an intelligence operation, the president and his advisers failed to condemned the state-sponsored security breach whose damage continues to worsen almost weekly.
The Obama administration, in a sign of its apparent unwillingness to take any steps against China for the hacking, will go ahead with the hosting this week of the latest Strategic and Economic Dialogue in Washington. The dialogue is known for producing little in the way of tangible results of regular meetings between senior U.S. and Chinese officials. The questionable diplomacy is said its supporters to advance U.S. interests. However, keeping secret the Chinese connection to the cyber attack is likely to encourage further attacks.
Daniel Russel, assistant secretary of state for East Asia, made no mention in a briefing for reporters whether the Chinese role in the OPM hack would be discussed at the dialogue, which begins Tuesday.
Instead, he said cyber security would be discussed in the Strategic Security Dialogue that he said, “really is germane to building a relationship of trust between the U.S. and China. It’s an important common concern.”
China has denied any role in the OPM attack, as it has done in the past when Chinese hacking has been exposed on numerous occasions.
“We don’t always see eye to eye, but the fact is that global challenges require that we cooperate,” Russel said.
Friday, June 19, 2015
Why the latest government hack is worse than the Snowden affair
Office of Personnel Management (OPM) Director Katherine Archuleta testifies on Capitol Hill on Tuesday. (Cliff Owen/Associated Press
When you read about the recent hack of the Office of Personnel Management (OPM), in which China is thought to have filched millions of security clearance application forms, you might have shrugged your shoulders. Just another hack, right? No big deal, right? Wrong. This cyber burglary is an even greater intelligence catastrophe than the Edward Snowden affair. And our negligent leaders, bureaucracies and their contractors need to be held responsible.
When I applied for my security clearance in 2010, as I was preparing to work with the U.S. Army in Afghanistan as a social scientist, I filled out a long form called an SF-86. Practically everyone with a federal government security clearance knows this document. It takes a lot of time to complete and requires in-depth disclosures of a very personal nature. My SF-86 contains my Social Security number, information about my credit history, my job history (including a dispute with a past employer), contact information for my closest friends and family in the United States and abroad, all non-Americans with whom I am close, a list of every foreign official I ever met, every place I lived and people who could verify that I lived there, and much more. If I had ever been arrested or had any history of drug abuse, I would have had to report that, too.
So you can understand my frustration when I discovered that China had likely hacked the OPM and two of its contractors and made off with at least 4 million SF-86s on former, current and prospective U.S. government workers.
Beyond narrow concerns about identity theft, think about the national security implications.
Via: Washington Post
Continue Reading.....
Sunday, June 14, 2015
Former Top Counterintel Official: Hack 'Tells the Chinese the Identities of Almost Everybody Who Has Got a U.S. Security Clearance'
FILE - In this June 5, 2015, file photo, a gate leading to the Homeland Security Department headquarters in northwest Washington. Hackers stole personnel data and Social Security numbers for every federal employee, a government worker union said Thursday, June 11, 2015, charging that the cyberattack on U.S. employee data is far worse than the Obama administration has acknowledged. (AP Photo/Susan Walsh, File)
WASHINGTON (AP) — Deeply personal information submitted by U.S. intelligence and military personnel for security clearances — mental illnesses, drug and alcohol use, past arrests, bankruptcies and more — is in the hands of hackers linked to China, officials say.
In describing a cyberbreach of federal records dramatically worse than first acknowledged, authorities point to Standard Form 86, which applicants are required to complete. Applicants also must list contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant are required.
In a statement, the White House said that on June 8, investigators concluded there was "a high degree of confidence that ... systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated."
"This tells the Chinese the identities of almost everybody who has got a United States security clearance," said Joel Brenner, a former top U.S. counterintelligence official. "That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That's a gold mine. It helps you approach and recruit spies."
The Office of Personnel Management, which was the target of the hack, did not respond to requests for comment. OPM spokesman Samuel Schumach and Jackie Koszczuk, the director of communications, have consistently said there was no evidence that security clearance information had been compromised.
Subscribe to:
Posts (Atom)
Popular Posts
-
'It's A Great Opportunity For Me Personally, It's Great Opportunity For Our State' ASBURY PARK, N.J. (CBSNewYork) –...
-
And then some. Via: Weasel Zippers
-
FOX NEWS INSIDER - Wednesday on Hannity, Michelle Malkin railed against the “steaming hypocrisy” of the Democrats now in power. ...
-
Click here to view Video!! As the Obamacare website launch deadline approached, Health and Human Services Secretary Kathleen Sebeli...
-
You think ? CNN’s Elise Labott noted yesterday that Bryan Pagliano’s decision to plead the Fifth rather than testify before Congress — a...
-
Los Angeles City Council President Herb Wesson made headlines earlier this month by declaring that Los Angeles lacks a strategy to attra...