2015 OPM Cybersecurity Attack: The Rundown

Last year the U.S. government faced what is believed to be the largest cyberattack, as the Office of Personnel Management (OPM) discovered an intrusion into personal information of more than 4 million current and former federal employees, according to a recent OPM press release.
Social security numbers, health care information and other sensitive information were hacked. However in a second separate data breach that was made public in June, personal information of as many as 21.5 million employees and U.S.[1] citizens was compromised, according to the press release. The hackers accessed government forms used for security clearances such as SF86 questionnaires, which contain personal information regarding employees’ and their family members’ information.

The hackers obtained a log-in credential adopted by the contractor OPM uses to conduct background checks of federal employee applications. Hackers today have become more sophisticated and creative at obtaining confidential information through methods such as phishing.

After conducting an internal review that showed a vulnerability in its background check system, E-QIP, OPM has taken proactive security measures by temporarily shutting down federal employee background checks, according to an OPM press release that was released late-June.[2]

What Does This Mean For You?

This is not the first time the government has withstood a large-scale attack, and it definitely will not be the last. According to a Government Accountability Office (GAO) report, 19 of 24 federal agencies have declared cybersecurity as a “significant deficiency or material weakness.”[3]Your organization, whether federal, financial or of another industry, is at risk.

Shortly after the public announcement of the breach, OPM released a press release with recommendations on how to avoid identity theft.[4] OPM advises that users be aware of phones calls and emails from people asking about other employees’ personal information, to not reveal personal information in emails, and to be proactive in utilizing anti-phishing software.

Wilson Consulting Group (WCG) can equip your organization with the tools and techniques to prevent malicious cyber and security attacks, recognize any potential risks, and provide your employees the knowledge on how to strengthen your organization’s security infrastructure. WCG offers a Cybersecurity Assessment to assist organizations, including, but not limited to, federal agencies, financial institutions and healthcare organizations with protecting their most vital information and assets from internal and external malicious forces. You will be provided with a comprehensive analysis of the information gathered and an assessment of the weaknesses detected, which, when patched, will strengthen your security infrastructure. We also provide you recommendations for remediation based on the level of risk for each weakness detected. Overall, you will experience a reduced risk of information being compromised, and a safer and more viable environment. We provide other services, such as Penetration Testing and Vulnerability Assessments, to cater to your organization’s needs and issues.

[1]https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/

[2]https://www.opm.gov/news/releases/2015/06/opm-notifies-agencies-of-temporary-suspension-of-e-qip-system/

[3]http://www.gao.gov/assets/680/671253.pdf

[4]https://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/