ABC News is reporting that the U.S. Office of Personnel Management (OPM), essentially the human resources department for the federal government, is shutting down its background-check system in the wake of a massive recent data breach discovered in April and reported earlier this month involving millions of current and former government workers. According to an alert posted on OPM’s website, the Electronic Questionnaires for Investigations processing system, known as “e-QIP” will be suspended for an indefinite period of time to undergo security enhancements. The shutdown will begin Friday, and is expected to last roughly 4-6 weeks. In the interim, OPM said it will coordinate with other governmental agencies in order to find “alternative approaches” to undergoing the screening procedures. Embattled OPM chief, Katherine Archuleta, understands the potential inconvenience of the shutdown, however citing the security concern saying, “OPM recognizes and regrets the impact on both users and agencies and is committed to resuming this service as soon as it is safe to do so.” This comes as at least one additional hack was discovered earlier this month during the investigation of the previous data breach. Archuleta confirmed that the data was accessed by someone containing a credential from a Colorado-based contractor that conducts background investigations, KeyPoint Government Solutions. Director of National Intelligence, James Clapper, reaffirmed on Friday that he, along with countless experts, believes that China is responsible for the hacks.
Monday’s announcement continues what appears to be a snowballing effect produced by the hack, which began last December and continued unabated until its April discovery. Originally Archuleta said that roughly 4 million current and former government employees’ data were compromised, however, FBI director, James Comey told Congress earlier this month that based on OPM’s internal communications, that number is closer to 18 million, including former employees, federal contractors, and people whose background checks were rejected. Archuleta isn’t comfortable acknowledging that number, telling the Senate Homeland Security Committee, “It is my understanding that the 18 million refers to a preliminary, unverified and approximate number of unique Social Security numbers in the background investigations data.” Representative Jason Chafetz (R-UT), believes that the number could rise to as many as 32 million people, citing the total number of individuals that have personally identifiable information in the system according to a 2016 Office of Management and Budget (OMB) report. Archuleta has faced five separate congressional hearings since the hack was discovered while the potential ramifications of the intrusions continue to metastasize. This includes calls by many, including Republican presidential candidate Jeb Bush, calling for Archuleta’s ouster.
In addition to congressional efforts to identify and remedy the root causes of the data breaches, a coalition of federal employees is asking President Obama to take sweeping cybersecurity measures. On June 25th, the Federal-Postal coalition, a group that includes federal employees, managers, executives, and retired employees, penned a letter to President Obama, asking him to appoint a special IT task force to help with the investigation. In the letter, the group asked the president, “As you did with Healthcare.gov, we call upon you to immediately appoint a task force of leading agency, defense/intelligence and private-sector IT experts, with a short deadline, to assist in the ongoing investigation, apply more forceful measures to protect federal personnel IT systems, and assure adequate notice to the federal workforce and the American public.” Archuleta and investigators have noted that the current computer systems are over 30 years old and are no less secure than a typical online-banking web portal. The suspected thieves obtained access to millions of SF-86 questionnaires, which contain hundreds of pages of personal information leaking vital personal data about applicants and their families to the public, data which could potentially subject them to blackmail efforts. Archuleta has insisted that modernizing the network was a major priority in her 18-month tenure as the head of OPM, however, she told the Senate Homeland Security Committee, “We were not able to deploy them before these two sophisticated incidents, and, even if we had been, no single system is immune to these types of attacks.” Both houses of Congress are expected to work on legislation regarding federal cybersecurity later on in the session, including efforts to streamline public-private security information sharing, as well as a measure to speed up the installation of the new EINSTEIN 3A security system throughout all federal agencies. Currently, about 50 percent of federal departments have the new system deployed.
ABC News – Mike Levine
Government Executive – Kellie Lunney
USA Today – Erin Kelly