How to encrypt your data in a new data breach
Posted October 11, 2018 08:09:00A new data security breach at the U.S. Office of Personnel Management (OPM) may have exposed sensitive information to hackers, according to a senior IT security official who has been briefed on the incident.
The OPM breach affected an unknown number of employees, including one in the field who was an “overly senior IT person,” according to the source.
The incident was reported by the OPM, which said that it is aware of it and that it has taken the necessary steps to ensure the protection of sensitive information.
The source said that this information included sensitive medical information and financial data, including Social Security numbers, that could have been used to obtain identity theft protection cards and to gain access to personnel files.
“The Office of the Director of National Intelligence (ODNI) and the Office of Management and Budget (OMB) are taking the necessary actions to investigate the incident and are in contact with OPM and OMB to provide additional information and information on the steps taken to mitigate the threat,” OPM spokeswoman Lauren Neumark told Business Insider.
The information breach, which was first reported by The Hill, appears to be the first time that OPM has been hit with a data breach since the Office for Personnel Management launched a data security program in 2018.
A spokeswoman for OPM said that the agency is notifying the public, and that OMB is providing “technical assistance to OPM to address the concerns and help protect their data.”
OPM did not immediately respond to requests for comment from Business Insider on Friday.
The breach at OPM comes after a series of data breaches in 2017 at the federal government agencies that run the government’s systems, including the Federal Reserve and the Social Security Administration.
OPM is also the lead federal agency responsible for administering the federal employee retirement system, the Federal Employees Health Benefits Program (FEHBP), the Federal Public Service Retirement System (FPSRS), the Veterans Benefits Administration (VBA), and the Department of Veterans Affairs (VA).
“This incident is an example of why it is vital for businesses and consumers to keep their data secure, including in the workplace,” OMB Deputy Commissioner Thomas F. Hickey said in a statement on Friday, after the OMB notified the Office and other federal agencies that it was aware of the breach.
“It is also an example that when data is stored in a cloud, it is less likely to be recovered and is more susceptible to cyberattack.”
Hickey added that the data breaches that impacted OPM were “not unique.”
OMB also notified several other federal departments, such as the Departments of Defense, Veterans Affairs, and the Treasury Department, of the breaches.