Privacy Tuesday – June 2015 – OPM Hack

Mintz - Privacy & Cybersecurity Viewpoints
Contact

The news continues to pour in about the two-part massive hack into the federal government’s Office of Personnel Management (OPM) and the compromise of personal information of millions of present and former federal employees.

Today’s Privacy Tuesday has 3 things you should know about the incident —

To start, Brian Krebs has published a top-notch “tick tock” of events preceding the massive federal breach, followed by his analysis.   Check that reporting out on Krebs on Security.

Federal Government Massive Hack Update – “Crown Jewels”

The stories keep coming related to the hacks at the Office of Personnel Management (OPM).   We have written about the previous massive cyber intrusion at the OPM – the “HR” office for the federal government – compromising records of more than 4 million current and past federal employees.   Late last week, the Obama administration confirmed an Associated Press report that the breach was much larger – or was a different breach – than originally disclosed. The latest hack appears to have compromised the database of security clearance forms and supporting documentation for those federal employees and contractors who have been cleared for access to classified information.   The hackers are believed to have stolen records related to the Standard Form-86 used for background checks and it contains highly sensitive personal information.

Read more – Newly disclosed hack got “crown jewels – Politico

Sex, lies, and debt potentially exposed by the latest hack of US data from China – Business Insider

Hack of OPM reportedly exposed second set of much more sensitive data – arstechnica

“30 Day Cybersecurity Sprint” Ordered for Federal Agencies

This may be closing the door after the horse is already out of the barn … but … Tony Scott, the federal government’s Chief Information Officer, has announced a “30-day cybersecurity sprint” aimed at requiring federal agencies to harden security measures and improve the resilience of federal networks. The Sprint Team will consist of representatives from the Department of Homeland Security, the Office of Management and Budget’s E-Gov Cyber and National Security Unit, the National Security Council Cybersecurity Directorate and the Department of Defense. After the review period, Scott announced that he will establish action plans and recommend a federal civilian cybersecurity strategy.

Read more – White House rushes to strengthen cyber defenses as hack fallout grows – The Hill

White House tells agencies to tighten up cyber defenses “immediately” – Nextgov

OPM Can Find Some of its Missing Data – on the Dark Web

According to several reports, alleged copies of OPM data have appeared on the dark web.

Security Affairs details a site alleged hawking OPM data and that it “is being traded actively.” Motherboard reports that a database dump it discovered contains over 23,000 government email addresses – more than 9,000 .gov email addresses and almost 12,000 .mil email addresses. There has been no further independent confirmation as yet of the accuracy or source of the report.

[View Source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Mintz - Privacy & Cybersecurity Viewpoints

Written by:

Mintz - Privacy & Cybersecurity Viewpoints
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Mintz - Privacy & Cybersecurity Viewpoints on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide