As many as 4 million people may have had their personally identifiable information compromised in a breach of IT systems at the Office of Personnel Management.
OPM detected the data breach in April, but waited until June 4 to announce it publicly. According to the announcement, the intrusion predated the office's adoption of tougher security controls.
The Homeland Security Department's Computer Emergency Readiness Team and the FBI are working with OPM to determine the full impact to federal personnel.
"OPM continues to improve security for the sensitive information it manages and evaluates its IT security protocols on a continuous basis to protect sensitive data to the greatest extent possible," the announcement reads. "Since the intrusion, OPM has instituted additional network security precautions."
See also: Lawmakers fault OPM over massive cyber breach
Those precautions include:
- style="margin: 0in 0in 0.0001pt; background: white;">Restricting remote access for network administrators and restricting network administration functions remotely;
- style="margin: 0in 0in 0.0001pt; background: white;">A review of all connections to ensure that only legitimate business connections have access to the internet;
- style="margin: 0in 0in 0.0001pt; background: white;">Deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.
OPM will notify approximately 4 million individuals whose PII may have been compromised, according to the announcement. Because the incident is still under investigation, more individuals whose information is at risk may yet be identified.
OPM will also offer credit report access and credit monitoring to the potentially affected people.
"Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM," saidOPM Director Katherine Archuleta. "We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted."
