1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Live TV
Latest audioLatest videos
In focus
US election 2024Russia's war in UkraineIsrael-Hamas

Congressional report: OPM hack preventable

September 7, 2016

A congressional report has found OPM failed to take basic cybersecurity precautions to prevent one of the largest breaches of government systems. More than 21 million people were impacted by the breach.

https://p.dw.com/p/1Jwos
Symbolbild Multimedia Auge Cyberwar
Image: Fotolia/Kobes

One of the largest cyberrattacks on US government computer systems was preventable if basic security steps had been taken, according to a US congressional report released on Wednesday.

The 2014 and 2015 hack on the US Office of Personnel Management (OPM) -- the government's human resources branch that also manages security clearances and background checks -- led to the personal information of more than 21 million former, current and prospective government workers being compromised.

The US House Committee on Oversight and Government Reform found the hack, which was revealed to the public last year, found OPM failed to secure sensitive information despite repeated recommendations and did not properly evaluate that it was faced with a sophisticated hacker.

US intelligence officials have blamed the hack on China.

"We have literally tens of millions of Americans whose data was stolen by a nefarious overseas actor, but it was entirely preventable," said Rep. Jason Chaffetz, a Republican and committee chairman.

Cyber blackmail

OPM Acting Director Beth Cobert said in a statement the hack acted as "a catalyst for accelerated change within our organization" and the report "does not fully reflect where this agency stands today."

The government first detected a hacker in March 2014 when a team at the Department of Homeland Security (DHS) noticed piles of data leaving OPM computers at night.

"DHS called us and let us know, hey, we think this is bad," Jeff Wagner, OPM's director of information security operations, told investigators, according to the report.

Teams at OPM, the FBI and National Security Agency then spent two months monitoring the hacker before implementing a plan, dubbed "the Big Bang," to kick the hacker out of the system.

"The risk of kicking them out too early had come and gone," Wagner said," and now the risk was becoming having them in too long, and we didn't want to keep them around any longer than we had to."

With attention focused on the hacker, experts failed to realize a second intruder using a contractor's credentials had entered the system weeks earlier.

The undetected second hacker was able to pilfer reams of information related to government employees over several months. Cyber experts didn't notice the intrusion until April 2015.

cw/jil (AP, Reuters)

Skip next section Explore more

Explore more

USA OPM in Washington

US officials say staff data hack affected 21.5 million

US officials say staff data hack affected 21.5 million

Millions more people than previously announced may have had their data breached at the US Office of Personnel Management. The data came from applicants for security clearance who were undergoing background checks. (10.07.2015)
July 10, 2015
FBI emblem in Washington DC

FBI warns of cyber threats to state election systems

FBI warns of cyber threats to state election systems

The FBI has urged officials to secure election systems ahead of the US presidential elections. US officials have grown wary of cyber attacks on state and federal infrastructure following a series of hacks. (29.08.2016)
August 30, 2016
Anti-Spähsoftware (Symbolbild)

Russian hackers suspected behind cyberattacks on US media

Russian hackers suspected behind cyberattacks on US media

Hackers with ties to Russia are thought to be behind a series of recent cyberattacks on US media outlets, including "The New York Times." Cyber vulnerabilities have become something of a crisis in the US government. (23.08.2016)
August 24, 2016