More Than 22 Million People's Data Compromised By OPM Hack

OutOnARock writes with news that the Office of Personnel Management data breach reported earlier this month was actually far worse than earlier estimates had it; in all, it seems that more than 22 million people (not all of them government employees) had personal information compromised by the breach. From Yahoo News's coverage: That number is more than five times larger than what the Office of Personnel Management announced a month ago when first acknowledging a major breach had occurred. At the time, OPM only disclosed that the personnel records of 4.2 million current and former federal employees had been compromised.

I should've stayed unemployed...

[__aaclcg7560]

My two-hour background investigation interview lasted four hours because the bureaucrats in Washington couldn't understand how one person can have multiple jobs. After being out of work for two years (2009-2010), underemployed for six months (working 20 hours per month) and filing for Chapter Seven bankruptcy in 2011, don't you think a person would work a regular Monday-Friday job and a weekend job to get his finances in better shape? Meh...

Enjoy my case file, hackers! I hope your head explodes from my employment misery!

the internet is an open book

[turkeydance]

for everyone to read

Why did the US even allow such a database?

[AHuxley]

The US gov seemed to have really understood all the issues the UK and other nations had with selecting and sorting cleared staff from the UK security issues of the 1930's to 1980's.
Full background interviews, real cleared US gov staff looking deep into a persons submitted life story and the looking at the facts on the ground anywhere in the US.
Life story, education, friends, mail, reading material, calls logs all allowed the US gov to select the more useful and smart people for sensitive positions.
Over the past decade the move was to finding staff with unique skills quickly and trying to ensure US security paperwork was not going to be any issue for contractors, ex staff, former staff, people moving from the private sector into gov or gov into the private sector. All while keeping or re using past security access.
The US gov and mil could ensure skilled staff from the public and private sector where ready, could be found and sorted regionally and quickly for any task in or out of the USA.
The problem for the US gov is it needed so many contractors quickly and hoped remote digital files could 'clear' a boss and their new company or past contractor/mil/gov staff for new gov/mil/contractor work.
Vast new online digital databases allowed for lucrative jobs to be handed out and any security issues to fixed quickly.
The down side of this rapid system what what is what was fully understood by the US, UK, Australian and many other nations since the 1950's from their WW2 and 1930's security issues. Dont hire or create security in haste and keep the files away from all other people in gov, mil, private sector and other nations. How or why the US gov ever let go if its most secure files for national remote access is a real mystery.
Other nations who kept their files safe from new contractors needs and within the gov seemed to have understood the issues of rapid security expansion expansion and all the remote database issues. Why did the US gov and mil think it was a good idea or safe to allow complex files of that nature to just move regional and national networks from the mid 1990's on?

Wait until they hack Obamacare's DB

[BoRegardless]

That will happen. It is only a matter of time.

No more NSA

[Charliemopps]

So the NSA is clearly useless, and making the situation worse. They are not, and cannot protect us electronically. Instead, they are collecting all of our information and storing it for the inevitable hack that will give it to the rest of the world. The first question I ask when I'm asked to secure data is: "Do we actually need this data?" You can't steel what doesn't exist. Why the hell did this agency have data on people going back to the 1980s? Why is the NSA collecting data on all of us? It's a pointless endeavor that's putting us all at risk.

Re:so what

[ProfBooty]

You don't need to be in love to get married. There's no requirement to prove love. Long term cohabitiating couples, homo or hetero don't need government validation of their relationships.

This is about recognition for benefits and property rights, though the latter was often done by homosexual couples through LLCs for joint property.

There's no reforming OPM

[MikeRT]

OPM is pretty legendary in federal circles as basically the sort of federal agency that inspired the bureaucrat jokes on Futurama. The only way to "reform" them is to just scuttle the agency and transfer its functions to the various departments. The Office of the Director of National Intelligence should get the investigators and that authority. Civil service management should be a per-department issue. Managing retirees' benefits could easily just be contracted out to whatever private companies already manage the asset pool of the pension funds. The federal retirees I know would love to deal with a bank rather than OPM. Why? A bank would actually give a shit about processing their communications in a timely fashion.

Re:Super Secure NSA protects america!

[DarkOx]

I think that is the problem the NSA's mission isn't defense its offense largely. We don't really have a cyber (ugh I can't believe I just wrote that word) defensive force. We probably should but we leave that to 'domestic' agencies like the FBI and other groups we rolled up into Homeland Security.

Remember the "Department of Defense" (although there were some other reorganizations and mergers) was essentially created by renaming the "War Department" because its politically more palatable to have a "defense" department than a "war" department.

I think it is reasonable to have a group with the NSA's offensive mission so that we have the capability. I think its also clear we don't need that group to be the size and scale of the NSA; at least not when its in addition to the CIA.

Personally I think the sensible thing to do is disband NSA. Move some of the signals intel assets into CIA and possibly some in Army/Navy/Air-force as appropriate for task. What is left over should be re-tasked to actually defending and improving our computer security posture and probably turned into a new but small agency with a narrow mission statement and shoved under the homeland security umbrella. I'd say put in the FBI but that isn't really right because again the FBI's core mission is one of offense even if it is against domestic threats. In fact maybe we should part out the FBI a little bit too, moving some of the their fraud prevention and type efforts into again a smaller defensively focused group.

A lot of the problems we have with these agencies are culture and mission creep problems. Yes 9/11 showed us we need to be careful about erecting to many walls between our agencies. Which is why we created Homeland Security and parent department what should be coordinating information sharing. If we had smaller more narrowly focused groups with separate budgets power and money would be more diffuse it would keep one director or group of administrators from going off the rails and having such large pools of money to do insane things with like recording and storing meta data for every call make everywhere. Yet these groups could still have a culture of collaboration and information sharing possibly a way to directly refer cases to each other etc. They could still be effective without getting crazy.

More importantly and more to the point here. People in those groups would have a much clearer understanding of "the mission" and not have to deal with so many impedance mismatches. They and us would be able to do a much better job at assessing how effective they are.