
Office of Personnel Management and its CIO ruled responsible for 2014-2015 hacks

The House Oversight and Government Reform Committee has now published its report on the 2014 and 2015 hacks of the Office of Personnel Management (OPM), informing the world of who it believes was ultimately responsible. It’s laid the blame squarely at the feet of the OPM, claiming that had it implemented “basic cyber-hygiene,” neither breach may ever have happened.

Tens of millions of U.S. government employees and their close relations had personnel information revealed as part of the breaches in 2014 and 2015, when hackers managed to infiltrate the OPM’s servers. It was real egg on the face for the administration, as well as damaging to the potential security of many of America’s most at-risk government employees.

We’re told that the first breach — which actually took place in 2013 but was not discovered until several months later in 2014 — allowed hackers to steal manuals and information on the types of data stored on the servers. It was the second breach that did the real damage however, stealing investigation data, personnel records and even fingerprints of millions of government employees.

While it was likely that security at the OPM had been breached, it wasn’t clear if it was entirely at fault for the hack, but that is what the Oversight Committee has decided. In its extensive report, titled (damningly): “The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” the committee claimed that there were basic tools that could have been used to prevent breaches, but the OPM did not use them.

In fact, even the tool used to discover the breaches was not purchased by the OPM. The agency was running a trial of the software on its live network when it discovered the massive infiltration by foreign actors, which many believe were acting on behalf of the Chinese government.

Even then, the OPM didn’t pay up, purportedly returning the software after attempting to clear up the breach without incident (as per Ars Technica).

The report also takes aim at former OPM chief information officer Donna Seymour, who it claims lied during her testimony about the breaches, deliberately playing down the OPM’s lack of readiness and even claiming that the damage done was not as severe as it ultimately turned out to be.

Moving forward, the report recommends that all federal agencies have an appointed CIO who is not only competent and empowered to make necessary changes, but is also accountable for any failing in the organization’s digital security.

Other recommendations include fewer employees identifying themselves using social security numbers, as well as treating all employees as “outside” users with much more limited permissions.


Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…