OPM "refusing to co-operate" with government data breach enquiry

The Capitol Building

The US Office of Personnel Management (OPM) has been hit with a subpoena over the investigation into its colossal 2015 data breach.

The US government's House Oversight Committee is currently looking into the massive hack, which saw intruders steal the personal data of 21.5 million federal employees, including the fingerprint information of 5.6 million.

However, the department - which manages the government's payroll and staffing operations and its acting director Beth Cobert have been "refusing to co-operate" with the investigation into the incident.

Utah Congressman Jason Chaffetz has been chairing the committee, and said that he has been forced to take legal action in order to obtain documents vital to the enquiry.

"We made a commitment to the American people to ensure a hack of this nature never happens again," he told US political site The Hill.

"The documents we've repeatedly requested be provided to this committee are essential to fulfilling that promise."

"We've been asking for months," he told a hearing in January. "When will we get 100 per cent of those requests?"

Despite praising the acting director as "a talented, qualified and competent choice" on her initial appointment, Chaffetz has now expressed his displeasure with Cobert's leadership.

"OPM, under Ms Cobert's leadership, is not cooperating with the committee's investigation," he said. "Despite assurances of cooperation, I'm disappointed Ms Cobert is not working in good faith with the committee".

"We have produced hundreds, thousands of documents", Cobert told a Senate panel on Thursday, "and we're going to continue to be as cooperative as we can be".

23/09/2015: Fingerprints of 5.6M US federal staff stolen in OPM hack

Data stolen during the security breach of the USA's Office of Personnel Management has now been found to include the fingerprint information of at least 5.6 million employees.

The hack, which was discovered earlier in the year, was already confirmed to include the theft of over 21 million people's personally identifiable information.

The data includes the biometric information of individuals with varying levels of security clearance, leading to fears that the individuals responsible - believed to be based in China - could gain unauthorised access to high-level files.

The department has dismissed these fears, however, with press secretary Sam Schumach stating that "as of now, the ability to misuse fingerprint data is limited".

Affected citizens will be notified by mail in the near future, the OPM said.

13/07/2015: US government hit by huge breach, Chinese hackers suspected

A senior US government official has stood down after a devastating hack on her department exposed the personal details of at least 21.5 million people.

The director of the US government's Office of Personnel Management (OPM), Katherine Archuleta, said her resignation would help the department "move beyond the current challenges" affecting the personnel offices of the US government.

Her department acts as the HR office for the US administration, and the stolen data contains details about both employees and applicants to US government positions, as well as their spouses, mostly since the year 2000.

Stolen information includes people's health details, financial statuses, criminal records and social security numbers of 21.5 million people.

The attack initially broke in the media in April, but the full extent of the damage is only now emerging.

These were hacked from OPM's databases storing background information on people who have applied for jobs in the US government mostly since 2000, as well as their partners' and relatives' details.

OPM said 19.5 million victims were job applicants and 1.8 million spouses or "co-habitants".

The department said in a statement: "If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely."

China is widely believed to be behind the attack, but the country's government has denied involvement.

China called the "hypothetical accusations" irresponsible and counterproductive, but they are just the latest in a series of cyber crime allegations levelled at the country.

It was linked to the DDoS attack on coding repository Github, supposedly due to their hosting of anti-censorship site GreatFire.org. It also has a history of using a cyber weapon dubbed the 'Great Cannon' to take down sites it finds objectionable. On top of all that, China was also behind a 10-year campaign of intrusions against Southeast Asian targets, according to analysts.

This latest breach has spurred cyber security experts both in and outside government to call for better defences against online attacks. House Intelligence Committee member Adam Schiff has said that improvements in security are "perilously overdue".

The debacle has led to both Democrat and Republican politicians calling for President Barack Obama to sack Archuleta.

Before her resignation, the department outlined a plan to help victims whose details have been breached, starting by employing a private firm specialising in identity theft monitoring.

The company will work with victims for three years at no charge to them.

OPM has also established a cyber security incident resource centre to provide updates on the hack as well as direct victims to support and advice.

This article was first published on 05/06/15, but has been updated multiple times (most recently on 05/02/16).

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.