[BreachExchange] Smith seeks information and documents related to OPM data breach
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Jul 29 14:16:52 EDT 2016
https://riponadvance.com/stories/smith-seeks-information-documents-related-opm-data-breach/
House Science, Space, and Technology Committee Chairman Lamar Smith (R-TX)
recently sought documents related to an Office of Personnel Management
(OPM) data breach that could have exposed information to foreign nationals.
Smith requested the information in letters to Office of Management and
Budget (OMB) Director Shaun Donovan and acting OPM Director Beth Cobert.
“The identification of foreign nations as one of the most serious cyber
threats to agencies underscores concerns that were raised after last year’s
OPM breach over the potential access to OPM’s sensitive data by foreign
nationals,” Smith wrote. “According to news reports at the time, it appears
that some of OPM’s contractors may have given ‘foreign governments direct
access to data long before the recent reported breaches.’ In one instance,
an administrator for the project was in Argentina and his co-worker was
physically located in the [People’s Republic of China]. Both had direct
access to every row of data in every database: they were root.”
The Government Accountability Office (GAO) released a report last month
that found that OPM was among “the 18 agencies having high-impact systems
identified cyber attacks from ‘nations’ as the most serious and most
frequently-occurring threat to the security of their systems.”
“Additionally, a different team working on the database was led by two
employees with passports from the People’s Republic of China,” Smith said.
“In other words, an agency that identifies foreign nations as the source of
the most serious and frequently occurring threat, either failed to realize
that foreign nationals had access to its database, or knew it and failed to
correct the situation.”
Smith requested information from the OPM, which was involved in the data
breach, and the OBM, which has statutory oversight of OPM compliance with
federal cybersecurity standards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160729/c2269550/attachment.html>
More information about the BreachExchange
mailing list