Friday, June 12

Millions of sensitive personnel records copied; govt implies no big deal: "such as birthdates"

Since everyone out here in flyover country is so busy working and raising their kids (etc), you may not have heard that someone--thought to be the Chinese government--hacked the computers of the federal Office of Personnel Management and made off with copies of files on millions of current and former fed employees.  (The data on file cover 4 million people and OPM still isn't sure how many files were copied.) [SEE UPDATE at bottom.]

I'm sure none of you will be surprised to hear that the OPM is downplaying the severity of the hack and the possible damage.  A spokesman said what was taken “could include” personal file information such as birth dates.

Gee, birth dates?  No wonder they're not very worried!  What a nothing story, right?

You need to think like an attorney: Parse the guy's words carefully.  He gave an example--totally unnecessary, of course--of personal information "such as..."  But in fact the real extent of the damage is huge--because the "personal data" includes the full contents of an innocuous little form called an SF-86.

That "little" form actually contains 127 pages of raw information from background checks of people who were either applying for a fed job or seeking a higher security clearance.

Now I know you'll all be shocked to learn that a few hundred thousand federal employees--like a lot of regular civilians--managed to get hired even though they have some very embarassing stuff in their background checks.  If a hostile government wanted to focus efforts to recruit spies based on vulnerability to blackmail, in the most efficient possible way, having this info would be an invaluable resource.  Or if a fed employee had relatives living in China who could be squeezed unless the employee agree to help the Chinese government.  You get the picture.

So that's bad enough.  But equally troubling is that OPM--following that wonderful model of "transparency" that your emperor promised he'd follow if he took the White Hut--has lied about how the hack was discovered.  In a *very* carefully worded press release they claim they discovered it after investigating their own system, but it's now been reported that the theft was discovered when a computer security company was demonstrating its latest software, designed to detect spy programs in large computer systems.

Apparently the company's software worked as advertised, and found the spying program.

Of course if you don't work for the federal gummint, no big deal, right?  Au contraire.  You have medical records, right?  And with Obamacare they're all on a federal computer somewhere.  Do you think your medical records are any safer than the OPM's?

The OPM lied about how this theft was discovered because the official fable made them look less incompetent.  So if your med records were stolen, do you think that gummint agency would tell you about it?  Do you think they'd lie to cover their asses?
UPDATE:  Two new developments now being reported.  First is that the original breach may have resulted in the theft of records on not just 4 million, but...14 million people.

And a second breach has been discovered, on a different computer.  Sources say files on about 2.9 million people may have been stolen.  More worrisome is that this attack was specifically on a database of people applying for security clearances.

OPM refused to comment on this latest report.

Whaddya wanna bet that if anyone is fired for OPM having poor security it'll just be some lowly GS-3 secretary or data fetcher.  None of the higher-ups will be tagged.  Why?  Because they know where the bodies are buried, so to speak.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home