Millions of American government employees, former employees, contractors and more have had their most personal and private information breached by hackers, because the government failed to take the necessary steps to protect those records.
According to Politico, “Administration officials have said privately that signs point to the first hack having originated in China, and security experts have said it appeared to be part of a Chinese effort to build dossiers on federal employees who might be approached later for espionage purposes.”
It is an outrageous and unacceptable breach of trust.
The federal government, through the Office of Personnel Management (OPM), interviews everyone who requires any sort of security clearance, and asks the most detailed and personal questions about past associations, indiscretions and behavior, to make sure nothing in their past could subject them to blackmail or subversion.
Trending: Will Oregon Voters Defund Abortions?
The interviews extend to friends and associates of those being vetted, and those people are also in the databases that have been breached. But now it has come to light that OPM failed to hold up the Obama administration’s end of the bargain by not doing everything they could to protect those records.
According to David Cox, the national president of the American Federation of Government Employees, in a letter to the OPM director, “We believe that hackers have every affected person’s Social Security number(s), military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance and pension information; age, gender, race, union status, and more. Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”
The Obama administration initially downplayed the cyber hack of the OPM, which centrally manages records for current and former federal employees. It did so even though it had missed the hack for at least four months, if not more, until a company, CyTech Services, which was conducting a sales demonstration, found malware in OPM’s system that could have been there for a year or more.
The unfolding series of disasters has affected at least four million Americans—and perhaps as many as 14 million—including all current federal employees, retired federal employees, and a million former federal employees.
Reports of a second hack by China has added to the outrage, and compounded the problems. “Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged,” reported the Associated Press.
The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.
How many millions of Americans serving their country does this place at risk?
Under a Republican president, this newest administration scandal would have been front-page, round-the-clock news, with the most sinister of motives ascribed to them, probably for many days running. But as of Friday morning, The Washington Post had relegated coverage of this story to page A14, and several other news outlets began covering the story by simply reposting an AP article to their own websites.
Television news has been dominated by stories of two escaped convicts, a local head of the NAACP who falsely represented herself as African American, and the reset, or re-launch, of Hillary Clinton’s presidential campaign.
Where are the talking heads, the pundits in the media, calling for President Obama—not agencies, not government bureaucrats, but President Obama—to show more care in protecting American citizens against cyberattacks? Such attacks violate our privacy and leave each of us open to hacking, blackmail, and targeting by China, which has been connected in most reports to the breaches.
And it serves as a reminder how likely it is that Hillary Clinton’s private email server that she used during her tenure as Secretary of State was hacked by the Chinese, and possibly the Russians, North Koreans and Iranians. One can only imagine what they have on her.
“What’s more, in initial media stories about the breach, the Department of Homeland Security had touted the government’s EINSTEIN detection program, suggesting it was responsible for uncovering the hack,” reports Wired.com. “Nope, also wrong.”
“The OPM had no IT security staff until 2013, and it showed,” reports Wired.
Ken Dilanian’s AP article, despite its wide distribution, fails to mention the number of warnings that OPM, and the government as a whole, has received about its lack of adequate security. “U.S. Was Warned of System Open to Cyberattacks,” reported The New York Times on June 5, describing OPM’s 2014 security as “a Chinese hacker’s dream.”
The 2014 Inspector General’s report was based on an analysis conducted between April and September of last year. While the administration has said that the attack occurred in December of last year, The Wall Street Journal’s Damian Paletta and Siobhan Hughes wrote of the first reported attack: “Investigators believe the hackers had been in the network for a year or more” when it was discovered in April.
That IG report stated that OPM’s status was “upgraded to a significant deficiency” due to a planned reorganization, and that it had “material weakness in the internal control structure” of its IT program.
The agency did not possess an inventory of all the computer servers and devices with access to its networks, and did not require anyone gaining access to information from the outside to use the kind of basic authentication techniques that most Americans use for online banking,” reported the Times. “It did not regularly scan for vulnerabilities in the system, and found that 11 of the 47 computer systems that were supposed to be certified as safe for use last year were not ‘operating with a valid authorization.’
The opinions expressed by columnists are their own and do not necessarily represent the views of Barb Wire.