The computer system of the Unites State’s Office of Personal Management was hacked by the Chinese hackers. They will send notifications to approximately 4 million individuals whose personal data including personally identifiable information (PII) may have been compromised.
OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015. The hackers used the tougher security controls to intrude.
The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact to Federal personnel.
After the intrusion additional network security precautions has been added by the OPM. These includes: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
Credit monitoring and identify theft insurance, and recovery services are offered by OPM to potentially affected individuals through CSID®, a company that specializes in these services.
“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
This hack was second major intrusion by China in less than a year, and largest breach of federal employee data in recent years.
“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”