The agency that manages U.S. government personnel records is investigating whether Social Security numbers at as many as 18 million citizens were taken in the huge cyber-attack revealed in recent weeks, the director with the federal jobs agency told a congressional hearing Monday.
“The 18 million is the term for a preliminary, unverified and approximate amount of unique social security numbers device investigations data,” Katherine Archuleta, director in the U.S. Office of Personnel Management, testified.
“It is not a number that I feel at ease, at the moment, represents the total amount of affected individuals,” she added.
The testimony came throughout the second hearing in 2 weeks with the House Oversight and Government Reform Committee into one from the largest and many serious cyber-attack’s within the government’s history. Federal officials knowledgeable about the breach have stated that hackers coupled to the Chinese government are thought to be accountable for gaining access to forms recording information that is personal about folks who apply for security clearances.
The committee chairman, Representative Jason Chaffetz, a Utah Republican, admonished Archuleta with the agency’s failings to avoid and detect the attack. Chaffetz necessary her resignation.
“Archuleta stated we’re not personally in charge of the OPM data breach and instead blamed the hackers,” Chaffetz said. “I disagree. As the head with the agency, Ms. Archuleta is—in fact—statutorily liable for the security in the OPM network and managing any related risk.”
Donna Seymour, OPM’s chief information officer, testified that hackers stole “manuals around the way we work,” including data regarding the agency’s servers, in the March 2014 hacking attack, 1 of 2 breaches agency officials believe were conducted.
“It could well be fair to state that would present you with enough information that one could learn regarding the platform — the infrastructure — in our system,” she said.
Chaffetz asserted “when this plays out, we’re planning to find that this became the step that allowed them to revisit and why we’re in this particular mess today.”
Chaffetz said Archuleta had mislead the federal workforce by nevertheless no information was accessed inside the attack discovered in March 2014. Archuleta defended herself by proclaiming that she resulted in no personally identifying information was stolen. The second attack were only available in June 2014, Seymour said.
Two government contractors were called to treat the panel’s questions regarding whether cyber-attacks on his or her company networks resulted in the OPM breaches.
U.S. Investigations Services LLC, the contractor that conducted the safety clearance criminal background check on former contractor Edward Snowden and was sued over faulty background record checks, notified the panel in making Monday which a cyber-attack against its network a year ago affected two divisions in the Department of Homeland Security, intelligence operations and police force agencies.
“Their letter disclosed the breach at USIS affected not merely DHS employees, but our immigration agencies, our intelligence community, and in many cases our law enforcement here on Capitol Hill,” Representative Elijah Cummings of Maryland said in the hearing Wednesday.
Another government contractor, KeyPoint Government Solutions, sent its chief executive officer to inform lawmakers that there’s no evidence a data breach in the company resulted in the cyber-attack on OPM.
“We have observed no evidence suggesting KeyPoint is at any way in charge of the OPM breach,” Eric Hess told the panel in written testimony for that hearing.
Archuleta said hackers found myself in OPM’s network by stealing a credential from your KeyPoint employee. Hess said the worker was working on OPM’s network.
OPM has brought 23 steps, including installing more firewalls and mandating cybersecurity training, to shore up its networks since Archuleta became director, the business said in the report released Wednesday. Going forward, OPM will use a new cybersecurity adviser and consider encrypting more data to safeguard against hackers, the report said.
Read more here: http://www.bloomberg.com/news/articles/2015-06-24/u-s-hack-may-have-disclosed-18-million-social-security-numbers