US Office of Personnel Management Hacked Again

tranquilidad writes: According to a story in the Washington Post, China hacked into the computer system of the United States' Office of Personnel Management last December. This was the second major intrusion in less than a year. Personally identifiable information of approximately 4 million individuals may have been compromised. The compromised information was related to security clearances and employee records. "The FBI is working with our interagency partners to investigate this matter. We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace," an FBI spokesman said.

Don't worry you will pay for credit monitoring.

[trout007]

This happened before when one of NASA's HR people left their laptop with every employees information in an unencrypted file in their car and it was stolen. We got 2 whole years of credit monitoring.

Re:Governments of the World Agree: Encryption Must

Federal personnel records: Some of the personnel records (the change forms, personnel actions) are stored in an online system which can be accessed online, via a username and password for each employee. A security requirement is that the password has to be changed every 90 days. And for YEARS, whenever the password was changed, the system would send a plain text email that included the new password, "for verification". Complaints about this obvious and basic security breach fell on deaf ears for about four years, until it was finally fixed. This is what we deal with.