[BreachExchange] The company linked to the OPM hack just got hired by the government again

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 20 14:48:22 EST 2017


http://www.zdnet.com/article/the-company-linked-to-opm-hack-just-got-hired-by-the-government-again/

A company connected to the massive hack targeting the Office of Personnel
Management two years ago has been rehired by the US government.

Keypoint, which processes background investigations on behalf of its
clients, will provide its vetting services for a new government agency that
was set up in the wake of the 2014 intrusion.

The hack, which came to light last year, grabbed more than 22 million
records of Americans who had applied for security clearance to work for the
government. That data included background investigation and vetting records
of current, former, and prospective federal employees and contractors, as
well as some mental health and financial records. Later reports showed as
many as 5.6 million fingerprints were stolen in the breach.

It was one of the largest breaches of government data in US history that
was entirely preventable, according to a congressional report.

Though the government still hasn't said how it was hacked, all signs
pointed to China, which denied the allegations.

Keypoint has repeatedly been accused of losing control of a list of
usernames and passwords used to access the OPM's databases, which led to
the larger intrusion.

The newly formed National Background Investigations Bureau, set to open its
doors later this month, will also work with three other contractors to
process the thousands of applications it receives each month.

Contractors are a key part of processing the massive number of clearance
requests.

According to the news agency, one investigator found that when the OPM
fired one of its core contractors, its backlog in clearance investigations
rocketed.

The hope is that the NBIB can cut down the processing time of higher-range
clearances by more than half, from 170 days to 80 days.

A call to Keypoint's corporate headquarters went unanswered.