Searching for terms: ALL (OPM AND Data AND Breach) in: title or summary
-
OPM Data Breach: Personnel Security Background Investigation Data [July 24, 2015]
"In a July 9, 2015, news release on the cyber-intrusions of its systems, OPM [Office of Personnel Management] 'concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.' OPM's background investigation databases contain sensitive personal information on individuals (including congressional staff) who have undergone a personnel security background investigation as part of the security clearance process. This sensitive personal information may include financial and credit data, details on alcohol or illegal drug use, names of foreign contacts, or mental health information. OPM's systems also contain information on individuals without security clearances, but who have undergone a background investigation for other reasons. For example, OPM conducts background investigations on individuals whose positions involve policymaking, law enforcement, or other responsibilities that demand a great deal of 'public trust,' even if the positions do not require access to classified materials. According to OPM, the breach includes data from 19.7 million current, former, and prospective employees and contractors who applied for a background investigation after 2000. Additionally, the breach includes personally identifiable information of 1.8 million non-applicants, which OPM states are primarily 'spouses or cohabitants of applicants.' OPM also confirmed that 'the usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen,' and that some of the records compromised by the breach include fingerprints."
Library of Congress. Congressional Research Service
Christensen, Michelle D.
2015-07-24
-
S. Hrg. 114-449: Under Attack, Federal Cybersecurity and the OPM Data Breach, Hearing Before the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Fourteenth Congress, First Session, June 25, 2015
This is the June 25, 2015 hearing held before the Senate Committee on Homeland Security and Governmental Affairs entitled "Under Attack: Federal Cybersecurity and the OPM [Office of Personnel Management] Data Breach." From the opening statement of Chairman Ron Johnson: "Earlier this month, the Office of Personnel Management (OPM) announced that over the past year hackers stole 4.1 million federal employees' personnel records. Then, just days later, we learned the attack was actually far broader, involving some of the most sensitive data the federal government holds on its employees, and likely, many more records. It is hard to overstate the seriousness of this breach. It has put people's lives and our nation at risk. This massive theft of data may be the largest breach the federal government has seen to date. But it's not the first data breach affecting federal agencies, or even the OPM. Unfortunately, I doubt it will be the last. Our nation is dependent on cyber infrastructure and that makes our future vulnerable. The cyber threats against us are going to continue to grow--in size and sophistication. The purpose of this hearing is to lay out the reality of that cyber threat and vulnerability. The first step in solving any problem is recognizing and admitting you have one. We must acknowledge we have a significant cybersecurity problem in the federal government, especially at the OPM. This intrusion on the OPM's networks is only the latest of many against the agency, and the OPM has become a case study in the consequences of inadequate action and neglect. Cybersecurity on federal agency networks has proved to be grossly inadequate. Foreign actors, cyber criminals and hacktivists are accessing our networks with ease and impunity. While our defenses are antiquated, our adversaries are by comparison proving to be highly sophisticated. Meanwhile, agencies are concentrating their resources trying to dictate cybersecurity requirements for private companies, which in many cases are implementing cybersecurity better and more cheaply." Statements, letters, and other materials submitted for the record include those of the following: Katherine Archuleta, Tony Scott, Andy Ozment, and Patrick E. McFarland.
United States. Government Publishing Office
2015-06-25
-
Serial No. 114-28: Is the OPM Data Breach the Tip of the Iceberg? Joint Hearing Before the Subcommittee on Oversight & Subcommittee on Research and Technology, Committee on Science, Space, and Technology, U.S. House of Representatives, One Hundred Fourteenth Congress, First Session, July 8, 2015
This is the July 8, 2015 hearing "Is the OPM [U.S. Office of Personnel Management] Data Breach the Tip of the Iceberg?" held before the House Committee on Science, Space, and Technology. From the opening statement of subcommittee chairwoman Barbara Comstock: "Just over a month ago, the Office of Personnel Management (OPM) announced a massive data breach that exposed the personal information of over 4 million current and former federal employees and contractors. Like thousands of my fellow constituents and people across the country, I received a letter from OPM informing me that my personal information may have been compromised or stolen by criminals who are behind this attack. […] For years the OPM Office of Inspector General and the U.S. Government Accountability Office have been warning OPM leadership of critical vulnerabilities to their information systems. Some of the weakness and current problems were ID'd [identified] as far back as 2007. Today, many of their recommendations for fixing the systematic failures remain unmet. Cyber criminals and foreign enemies are working night and day with the latest technology to exploit every vulnerability in our system, and it appears we're behind the times. The United States has some of the world's best technological minds and resources, yet our management in OPM does not appear to be getting up to speed. […] Today's panel of witnesses will help us better understand the magnitude of cybersecurity challenges at OPM across the federal government, as well as determine what steps need to be taken to prevent future cyber attacks and the state-of-the-art best practices to do so." Statements, letters, and materials submitted for the record include those of the following: Michael R. Esser, David Snell, Charles Romaine, and Gregory Wilshusen.
United States. Government Publishing Office
2016
-
OPM: Data Breach, Hearing Before the Full Committee on Oversight and Government Reform, U.S. House of Representatives, One Hundred Fourteenth Congress, First Session, June 16, 2015
This is a compilation of the June 16, 2015 hearing entitled "OPM: Data Breach," held before the Full House Committee on Oversight and Government Reform. From the opening statement of committee chairman Jason Chaffetz: "As we sit here this morning, there is a lot of confusion about exactly what personal information for millions of current and former federal employees and workers was exposed through the latest data breach at Office of Personnel Management (OPM). OPM initially reported that the personal information of over four million federal employees was exposed during this hack. More recent public reports suggest the breach was perhaps far worse than that. It is also unclear exactly what information was exposed. We would like to know what information was exposed, over what period of time and who has this vulnerability. The breach potentially included highly sensitive personal background information collected through security clearance applications. The loss of this information puts our federal workforce at risk, particularly our intelligence officers and others working on sensitive projects around the globe. While we understand some of this information will be classified and can't be discussed here this morning, we do need to clear up exactly what happened and what information was compromised. And we need to understand why the federal government -- and OPM in particular -- is struggling to guard some of our nation's most important information." Statements, letters, and materials submitted for the record include those of the following: Katherine Archuleta, Andy Ozment, Tony Scott, Sylvia Burns, and Michael R. Esser.
United States. Congress. House. Committee on Oversight and Government Reform (2007-)
2015-06-16
-
Serial No. 114-81: OPM Data Breach: Part II, Hearing Before the Committee on Oversight and Government Reform, House of Representatives, One Hundred Fourteenth Congress, First Session, June 24, 2015
This is the June 24, 2015 hearing held before the House Committee on Oversight and Government Reform entitled "OPM Data Breach: Part II." From the opening statement of committee chairman Jason Chaffetz: "As we come together here today, a lot of questions remain about what happened last month when the Office of Personnel Management discovered one of the biggest data breaches in our country's history. That uncertainty is unacceptable. The most recent public reports indicate that many more Americans were affected by the breach than originally disclosed. Federal workers and their families deserve answers on both the scope of the breach and the types of personal information compromised. Because of these many outstanding questions, we still don't understand the extent to which this breach threatens our national security. However, according to the Intelligence Community, the risk is significant. Only the imagination limits what a foreign adversary could do with detailed information about a federal employee's education, career, health, family, friends, neighbors, and personal habits." Statements, letters, and materials submitted for the record include those of the following: Katherine Archuleta, Patrick E. McFarland, Eric A. Hess, and Rob Giannetta.
United States. Government Publishing Office
2015-06-24
-
Serial No. 114-125: Federal Cybersecurity After the OPM Data Breach: Have Agencies Learned Their Lesson? Hearing Before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform, United States House of Representatives, One Hundred Fourteenth Congress, Second Session, November 16, 2016
This is from the November 16, 2016 hearing, "Federal Cybersecurity After the OPM [Office of Personnel Management] Data Breach: Have Agencies Learned Their Lesson?" before the House Subcommittee on Information Technology. From the statement of Renee P. Wynn: "Chairman Hurd, Ranking Member Kelly, and members of the Subcommittee, thank you for the opportunity to testify before you today about NASA's efforts to manage our information technology (IT) resources and protect national assets in an ever-changing threat landscape. The NASA Administrator and all of NASA's leadership considers this to be a very high priority. As NASA's Chief Information Officer (CIO), my office provides IT products and services including policy and procedure for all of NASA. Currently about 17,100 civil servants and 40,000 contractors work at nine NASA Centers and one Federally Funded Research and Development Center, as well as several smaller satellite facilities. We also collaborate with space agencies around the world and have deep partnerships with researchers, engineers and scientists all over the world. Each day, hundreds of thousands of NASA personnel, contractors, academics and members of the public access some part of NASA's IT infrastructure -- a complex array of 418 information systems with over 140,000 components geographically dispersed around the globe. This infrastructure plays a critical role in every aspect of NASA's mission, from controlling spacecraft to processing scientific data." Statements, letters, and materials submitted for the record include those of the following: Renee P. Wynn, Jonathan Alboum, and Robert Klopp.
United States. Government Publishing Office
2017
-
Information Security: OPM Has Improved Controls, but Further Efforts Are Needed, Report to Congressional Committees
"OPM [U.S. Office of Personnel Management] collects and maintains personal data on millions of individuals, including data related to security clearance investigations. In 2015, OPM reported significant breaches of personal information that affected 21.5 million individuals. The Senate report accompanying the Financial Services and General Government Appropriations Act, 2016 included a provision for GAO [Government Accountability Office] to review information security at OPM. GAO evaluated OPM's (1) actions since the 2015 reported data breaches to prevent, mitigate, and respond to data breaches involving sensitive personnel records and information; (2) information security policies and practices for implementing selected government-wide initiatives and requirements; and (3) procedures for overseeing the security of OPM information maintained by contractors providing IT services. To do so, GAO examined policies, plans, and procedures and other documents; tested controls for selected systems; and interviewed officials. This is a public version of a sensitive report being issued concurrently. GAO omitted certain specific examples due to the sensitive nature of the information. […] GAO is making five recommendations to improve OPM's security. OPM concurred with four of these and partially concurred with the one on validating its corrective actions. GAO continues to believe that implementation of this recommendation is warranted. In GAO's limited distribution report, GAO made nine additional recommendations."
United States. Government Accountability Office
2017-08
-
Cyber Intrusion into U.S. Office of Personnel Management: In Brief [July 17, 2015]
"On June 4, 2015, the U.S. Office of Personnel Management (OPM) revealed that a cyber intrusion had impacted its information technology systems and data, potentially compromising the personal information of about 4.2 million former and current federal employees. Later that month, OPM reported a separate cyber incident targeting OPM's databases housing background investigation records. This breach is estimated to have compromised sensitive information of 21.5 million individuals. Amid criticisms of how the agency managed its response to the intrusions and secured its information systems, Katherine Archuleta has stepped down as the director of OPM, and Beth Cobert has taken on the role of acting director. In addition, OPM's Electronic Questionnaires for Investigations Processing (e-QIP) application, the system designed to help process forms used in conducting background investigations, has been taken offline for security improvements. Officials are still investigating the actors behind the breaches and what the motivations might have been. Theft of personally identifiable information (PII) may be used for identity theft and financially motivated cybercrime, such as credit card fraud. Many have speculated that the OPM data were taken for espionage rather than for criminal purposes, however, and some have cited China as the source of the breaches. […] The cybersecurity of most federal information systems is governed by the Federal Information Security Management Act (FISMA, 44 U.S.C. §3551 et seq.). Questions for policymakers include whether existing provisions of law give agencies the legislative authority and resources they need to adequately address the risks of future intrusions. In addition, effective sharing of cybersecurity information has been considered an important tool for protecting information systems from unauthorized intrusions and exfiltration of data."
Library of Congress. Congressional Research Service
Finklea, Kristin M.; Christensen, Michelle D.; Fischer, Eric A. . . .
2015-07-17
-
Identity Theft Services: Services Offer Some Benefits but Are Limited in Preventing Fraud, Report to Congressional Requesters
"Private-sector and government entities that experience data breaches often provide affected consumers with identity theft services, which typically include credit monitoring, identity monitoring, identity restoration, and identity theft insurance. In response to data breaches in 2015, OPM [Office of Personnel Management] awarded two contracts obligating about $240 million for identity theft services. GAO [Government Accountability Office] was asked to examine issues related to identity theft services and their usefulness. This report examines, among other objectives, (1) the potential benefits and limitations of identity theft services, and (2) factors that affect government and private-sector decision-making about them. GAO reviewed products, studies, laws, regulations, and federal guidance and contracts, and interviewed federal agencies, consumer groups, industry stakeholders, and eight providers selected because they were large market participants. Congress should consider permitting agencies to determine the appropriate coverage level for identity theft insurance they offer after data breaches. OMB [Office of Management and Budget] should analyze the effectiveness of identity theft services relative to alternatives, and should explore options to address duplication in federal agencies' provision of these services. OPM should address in its breach-response policy when to offer these services and should document its decision-making process. OPM agreed with GAO's recommendations to the agency."
United States. Government Accountability Office
2017-03
-
Serial No. 115-12: Improving Security and Efficiency at OPM and the National Background Investigations Bureau, Hearing Before the Committee on Oversight and Government Reform, House of Representatives, One Hundred Fifteenth Congress, First Session, February 2, 2017
This is the February 2, 2017 hearing on "Improving Security and Efficiency at OPM and the National Background Investigations Bureau," held before the House of Representatives Committee on Oversight and Government Reform. From the opening statement of Jason Chaffetz: "Two years ago, the Office of Personnel Management suffered one of the most damaging data breaches in the history of the Federal Government. This went on for some time, and there are still additional details that need to be learned. But the counterintelligence value of the data that was stolen will last for an untold amount of time, a generation or so. So it troubles me to hear reports that maybe some of the things that led to this haven't necessarily been changed at the Office of Personnel Management. We have a number of questions that I think we need to explore. For example, are legacy systems still in use for backup investigations? Is OPM (Office of Personnel Management) employing good cybersecurity practices such as dual factor authentication and network segmentation? What is the plan to transition all of OPM's systems off this legacy technology? When will OPM stop using unsecured and vulnerable legacy technologies such as Cobalt and start using maybe some modernized solutions that can be put on the cloud?"
United States. Government Publishing Office
2017
-
Financial Services and General Government Appropriations for Fiscal Year 2016: Hearing Before the Subcommittee on Financial Services and General Government of the Senate Committee on Appropriations, One Hundred Fourteenth Congress, First Session, June 23, 2015
This is the June 23, 2015 hearing on "Financial Services and General Government Appropriations for Fiscal Year 2016," held before the Subcommittee on Financial Services and General Government of the Senate Committee on Appropriations. From the opening statement of John Boozman: "The massive breach of the Office of Personnel Management (OPM) systems may be the most devastating cybersecurity attack in our Nation's history. Unfortunately, while the news reports about these incidents have been shocking, they should not be surprising. The OPM incident follows several across Government and is only the latest example of the Federal Government's inability to protect itself from cybersecurity threats. Today's hearing before the Subcommittee on Financial Services and General Government is intended to elicit further information about the recent OPM data breaches. It is also a time to discuss the enormous challenges facing the Federal Government as it attempts to ensure this does not happen again. The Government spends approximately $82 billion a year on information technology. Given the cost of these projects and their impact on our economy and national security, members of the subcommittee have an ongoing commitment to conduct oversight. We must ensure that hard-earned tax dollars of millions of Americans are being spent wisely and effectively." Statements, letters, and materials submitted for the record include those of the following: Katherine Archuleta, Michael Esser, and Richard Spires.
United States. Government Publishing Office
2015-06-23
-
Serial No. 114-23: DHS's Effort to Secure .gov: Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security, House of Representatives, One Hundred Fourteenth Congress, First Session, June 24, 2015
This is the June 24, 2015 hearing entitled "DHS's Effort to Secure .gov," held before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies of the Committee on Homeland Security. From the opening statement of Subcommittee Chairman John Ratcliffe: "The subcommittee meets today to hear what the Department of Homeland Security is doing to secure U.S. Government networks from cyber hackers. The magnitude of the latest breach at the Office of Personnel Management, or OPM, and the impact that it will have on tens of millions of Americans and our National security for decades to come is simply unacceptable. OPM was warned about its poor IT security. Yet, we still found them asleep at the switch. To put it in perspective, OPM was responsible for safeguarding extremely sensitive data, personnel files, and security clearance information for tens of millions of Federal employees. Yet, OPM's efforts to secure its networks were frankly laughable. The stakes were immense. Yet, the cybersecurity efforts were pathetic. In my opinion, this could be classified as cybersecurity malpractice. The Federal agency guarding this sensitive information demonstrated gross negligence and willful disregard of earlier warnings. We need to know who in this administration is really in charge and who is truly responsible for securing our Federal Government's civilian information systems." Statements, letters, and materials submitted for the record include those of the following: Andy Ozment, Gregory C. Wilshusen, and Daniel M. Gerstein.
United States. Government Publishing Office
2015
-
Examining Private Sector Data Breaches, Hearing Before the Permanent Subcommittee on Investigations of the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Sixteenth Congress, First Session, March 7, 2019
This is the March 7, 2019 hearing titled "Examining Private Sector Data Breaches," held before the U.S. Senate Subcommittee on Investigations of the Committee on Homeland Security and Governmental Affairs. From the opening statement of Rob Portman: "It seems no industry is immune from data breaches that expose sensitive consumer information. Some of the biggest breaches we have seen recently include Google, Uber, Facebook, and the department store Saks Fifth Avenue. Government agencies have not been immune from this. They have also suffered significant breaches, including over 20 million security clearance background files that were held by the Office of Personnel Management (OPM). Locating network vulnerabilities that hackers can exploit to gain access to sensitive information is a key issue." Statements, letters, and materials submitted for the record include those of the following: Mark Begor, Arne Sorenson, Andrew Smith, Puente Cackley, and John Gilligan.
United States. Government Publishing Office
2019
-
Serial No. 115-75: State of Play: Federal IT in 2018, Joint Hearing Before the Subcommittee on Information Technology and the Subcommittee on Government Operations of the Committee on Oversight and Government Reform, House of Representatives, One Hundred Fifteenth Congress, Second Session, March 14, 2018
This is the March 14, 2018 hearing on "Federal IT in 2018" held before House Subcommittees of the Committee on Oversight and Government Reform. From the opening statement of Will Hurd: "We need to rethink how we structure the Federal workforce, to ensure the Federal Government has access to smart, well-trained IT [information technology] and cybersecurity professionals, and be working in a bipartisan fashion, as always, in introducing a bill in the coming months to establish the U.S. cyber reserves, a public/private-sector rotational workforce. I look forward to the witnesses' thoughts on how to best organize and structure this kind of workforce. I also continue to have concerns about longstanding GAO [Government Accountability Office] recommendations that remain unaddressed, oftentimes year after year after year. These open, lingering vulnerabilities put us at incredible risk, as we saw with the devastating data breach at OPM [Office of Personnel Management], which it is crazy to think was almost 3 years ago. I want to hear from GAO their most critical open recommendations and, from the rest of the witnesses, concrete plans to close them. Let's use this hearing to ensure IT modernization across the Federal Government continues, even with more force and strength, in 2018. Let's not lose the momentum." Statements, letters, and materials submitted for the record include those of the following: David Powner, Margaret Weichert, Bill Zielinski, and Jeanette Manfra.
United States. Government Publishing Office
2018