US OPM breach was preventable


By Dylan Bushell-Embling
Monday, 12 September, 2016

US OPM breach was preventable

The high-profile data breach involving the theft of information from millions of US federal employees was preventable, a year-long House of Representatives investigation has found.

A damning report from the US House Oversight and Government Reform committee found that the Office of Personnel Management failed to prioritise cybersecurity despite repeated warnings leading up to last year’s breach that their data stores were vulnerable to attack.

The investigation also found that the OPM failed to implement a long-standing federal requirement to use multifactor authentication to control access to the network and misled the public on the extent of the damage of the breach.

Once OPM learned attackers were targeting such sensitive data, even by implementing basic required security controls such as multifactor authentication, the office could have significantly delayed, mitigated or even prevented the theft, the report states.

The report also includes quotes from former intelligence agency officials stating that the breach was “a significant blow” to US national security efforts, and that the damage will take decades to fix.

In an apparent coordinated campaign suspected of being orchestrated by overseas hackers, attackers last year stole the personnel files of 4.2 million former and current government employees as well as security clearance background information on 21.5 million acquaintances of these employees.

The report notes that the type of information stolen could be invaluable for foreign intelligence agencies looking to compromise government employees.

Image credit: ©lollo/Dollar Photo Club

Related News

Austroads' Digital Trust Service positioned for scalable expansion

Austroads' Digital Trust Service can be used to authenticate mobile driver licences issued by...

Home Affairs opens consultation on Zero Trust culture

The Department of Home Affairs has released a consultation paper on embedding a Zero Trust...

Macquarie Government deploys SASE for federal agency

Macquarie Government has expanded its partnership with Netskope following its deployment of the...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd