The OPM Breach: When Security Isn’t Updated

The latest and greatest OPM hack, which exposed millions of federal employees to data theft, has served to underline the importance of data security in the modern world and the dangers of relying far too much on outdated tech and a hopeful attitude.

OPM Security Breach and the Public 

If you haven’t heard of the major OPM security breach, here are the salient details. The Office of Personnel Management of United States federal government was hacked, and information regarding government employees was stolen.

This would have been a headache for any company, but the government is the largest employer in the country and the results were easily magnified. It is estimated that the personal information of around 18 million people could have been stolen, (although that number is subject to change following more officially investigations).

It is believed that the attack was perpetuated by Chinese hackers, but the real question here is, How was it done? What went wrong with OPM security to allow this massive breach? Unfortunately, the answer is troubling. It appears that hackers were able to steal a credential key from KeyPoint Government solutions, a contractor working for OPM, and use that login to breach the database.

The fault for this lies almost entirely at the door of OPM itself. The company’s systems simply weren’t advanced enough to use encryption or emergency contacts to prevent the hack.

Unfortunately, Hacking Gets Results 

OPM, and specifically it’s CIO Donna Seymour and Director Katherine Archuleta, appear to have known that its security measures were out of date. In fact, they were so out of date that by the early 2010s, OPM was still used security that had last been fully updated in the 1990s. Systems and software were so outdated that they had little chance of defending against any sort of serious hacking attempt.

Indeed, reports on the latest budgeting of OPM’s Federal Data Center Consolidation Initiative show a request for a sizable increase in funding specifically to upgrade its security measures and noted that OPM dealt with the personal information of around 32 million employees.

In this case, it was too little, too late. Perhaps Congress is to blame, since the budget was not yet passed by the time that the attack occurred. Perhaps OPM should have taken this situation more seriously from the beginning. Either way, the major hack was the one thing that finally produced results. Congress is expected to deal with the subject of federal data security much more aggressively now – and the widespread coverage of OPM means that these measures are likely to make it through the political firewall.

A Way to the Future 

Fortunately, private companies do not have to face the political hurdles of OPM. Indeed, the major initiative to prevent future problems is more intercommunication with private companies to help the antiquated government spot threats before they become more serious issues.

However, while it may be tempting to smirk at the government, private companies should also take this data breach as a warning sign. Just because a breach hasn’t happened with current security solutions doesn’t mean that they are up to date or sufficient – it just means that a resourceful hacker hasn’t tried anything yet. This is why continuous monitoring and more robust IT security are so important: Getting caught off guard is never pretty.

The latest and greatest OPM hack, which exposed millions of federal employees to data theft, has served to underline the importance of data security in the modern world, and the dangers of relying far too much on outdated tech and a hopeful attitude.

OPM Security Breach and the Public 

If you haven’t heard of the major OPM security breach, here are the salient details. The Office of Personnel Management of United States federal government was hacked, and information regarding government employees was stolen. This would have been a headache for any company, but the government is the largest employer in the country and the results were easily magnified. It is estimated that the personal information of around 18 million people could have been stolen, although that number is subject to change following more officially investigations.

It is believed that the attack was perpetuated by Chinese hackers, but the real question here is: How was it done? What went wrong with OPM security to allow this massive breach? Unfortunately, the answer troubling. It appears that hackers were able to steal a credential key from KeyPoint Government solutions, a contractor working for OPM, and use that login to breach the database. The fault for this lies almost entirely at the door of OPM itself: The company’s systems simply weren’t advanced enough to use encryption or emergency contacts to prevent the hack.

Unfortunately, Hacking Gets Results 

OPM, and specifically it’s CIO Donna Seymour and Director Katherine Archuleta, appear to have known that its security measures were out of data. In fact, they were so out of data that by the early 2010s, OPM was still used security that had last been fully updated in the 1990s.

Systems and software were so outdated that they had little chance of defending against any sort of serious hacking attempt. Indeed, reports on the latest budgeting of OPM’s Federal Data Center Consolidation Initiative show a request for a sizable increase in funding specifically to upgrade its security measures and noted that OPM dealt with the personal information of around 32 million employees.

In this case, it was too little, too late. Perhaps Congress is to blame, since the budget was not yet passed by the time that the attack occurred. Perhaps OPM should have taken this situation more seriously from the beginning. Either way, the major hack was the one thing that finally produced results: Congress is expected to deal with the subject of federal data security much more aggressively now – and the widespread coverage of OPM means that these measures are likely to make it through the political firewall.

A Way to the Future 

Fortunately, private companies do not have to face the political hurdles of OPM. Indeed, the major initiative to prevent future problems is more intercommunication with private companies to help the antiquated government spot threats before they become more serious issues.

However, while it may be tempting to smirk at the government, private companies should also take this data breach as a warning sign. Just because a breach hasn’t happened with current security solutions doesn’t mean that they are up to date or sufficient – it just means that a resourceful hacker hasn’t tried anything yet. This is why continuous monitoring and more robust IT security are so important. Getting caught off guard is never pretty.

Katrina is a computer savvy tech specializing in designing and manufacturing custom server racks with rack solutions.