House Hears Details of Threats Posed By Massive Federal Employee Hack

07_08_hacking_01
Two House subcommittees met Wednesday to hear testimony regarding two massive breaches of Office of Personnel Management (OPM) systems discovered in June, which some are calling the worst hack of the U.S. government in history. Jonathan Ernst/Reuters

Two House subcommittees met Wednesday to hear testimony regarding a massive breach of Office of Personnel Management (OPM) systems, which some are calling the worst hack of the U.S. government in history. The breach, first discovered in April, wasn't made public until June.

OPM is responsible for managing the federal government's civil service. Government officials have said that the breach, believed to have been perpetrated by Chinese hackers, compromised the personal information of as many as 18 million current, former and prospective federal employees.

The hackers' sweep likely included security clearance form data, which contains highly personal information ranging from workers' sexual partners and marital troubles to drug use and other criminal activity, The Daily Beast reported. The breach is being investigated by the Federal Bureau of Investigation and the Department of Homeland Security.

Members of the Research and Technology and Oversight Hearing subcommittees heard testimony regarding the hack in a session titled Is the OPM Data Breach the Tip of the Iceberg?

"The latest incursion could give our enemies the means to attempt to corrupt or blackmail government employees," David Snell, federal benefits service director of the National Active and Retired Federal Employees Association, said at the hearing Wednesday. He suggested such leverage could compromise military and intelligence secrets, and make it easier for terrorist organizations to recruit Americans to their cause.

Beyond national security implications, Snell highlighted the responsibility of the federal government to keep its workers safe.

"It could lead to the possibility that particular public servants would become vulnerable to grave risks that could threaten their personal security and that of their families and loved ones," he said. "The federal government...has an obligation to do its best to adequately protect the sensitive information of its employees and job applicants...It failed to meet that obligation."

Gregory C. Wilshusen, director of information security issues at the Government Accountability Office (GAO), said in his testimony that the breach highlighted weaknesses on the part of the agency, including not using encryption, which helps protect sensitive data from being intercepted and compromised.

But some commentators online described government officials' call for this type of protection as hypocritical. Only hours earlier, during a separate hearing, Deputy Attorney General Sally Yates and FBI Director James Comey criticized the use of encryption by companies like Apple and Google.

I'd be less dismissive of the FBI's sky is falling encryption conniption if USG had, I don't know, encrypted my OPM data to make it go dark.

— Patrick Skinner (@SkinnerPm) July 8, 2015

Federal background checks are currently suspended for six to eight weeks while the hack is investigated.