http://hotair.com/archives/2015/06/12/the-agency-that-just-had-millions-of-employee-records-hacked-by-china-didnt-have-an-it-security-staff-until-2013/The agency that just had millions of employee records hacked by China didn’t have an IT security staff until 2013; Update: Millions more military and intel records exposed in second hack
posted at 4:41 pm on June 12, 2015 by Allahpundit
Who would have guessed that Healthcare.gov wouldn’t turn out to be the biggest tech disaster of the Obama presidency?
Honestly, I’m kind of curious to see how how much lower the bar can go. ‘Fess up, White House: He forgot his password for the nuclear launch codes, didn’t he?
The OPM had no IT security staff until 2013, and it showed. The agency was harshly criticized for its lax security in an inspector general’s report released last November that cited its lack of encryption and the agency’s failure to track its equipment. Investigators found that the OPM failed to maintain an inventory list of all of its servers and databases and didn’t even know all the systems that were connected to its networks. The agency also failed to use multi-factor authentication for workers accessing the systems remotely from home or on the road.
The millions of victims of the OPM breach are already expressing their anger over the massive data spill. J. David Cox, the president of the union of federal government employees, has written a strongly worded letter to OPM director Katherine Archuleta lambasting the security mismanagement that led to the breach and the agency’s response to it. “I understand that OPM is embarrassed by this breach,” Cox writes. “It represents an abysmal failure on the part of the agency to guard data that has been entrusted to it by the federal workforce.”
Cox’s letter points to what appears to be a lack of encryption protecting the breached personal data, “a cybersecurity failure that is absolutely indefensible and outrageous.”
continued
