search
Donate

News

‘Cyber Pearl Harbor?’ Up to 32 Million Had Info Breached

By:
Posted on:

< < Back to cyber-pearl-harbor-up-to-32-million-had-info-breached
Sen. James Lankford, R-Okla., greets OPM Director Katherine Archuleta before a hearing about OPM’s data security Tuesday. (Matthew J. Connor)
Sen. James Lankford, R-Okla., greets OPM Director Katherine Archuleta before a hearing about OPM’s data security Tuesday. (Matthew J. Connor)

WASHINGTON – First, officials said, hackers  stole information about 4.2 million people. Then it was 14 million. Then 18 million. Now, it is possible that the data breach at the Office of Personnel Management involves 32 million former, current and prospective federal employees, along with their relatives and references.

OPM suffered a data breach beginning in November but did not become aware of the intrusion until April. Though some officials believe China is behind the hack, OPM Director Katherine Archuleta said at a committee hearing Wednesday that information is classified.

Rep. Jason Chaffetz, R-Utah, chairman of the House Committee on Oversight and Government Reform, asked if OPM keeps records on up to 32 million people. Archuleta refused to confirm. Chaffetz restated the question, growing heated.

“I am not going to give you a number I am not sure of,” Archuleta said. “I look forward to providing an accurate and complete report as soon as possible.”

Rep. Jason Chaffetz, R-Utah, chairman of the House Committee on Oversight and Government Reform, on Wednesday tells OPM Director Katherine Archuleta: “I think it’s time for you to go.” (Matthew J. Connor)
Rep. Jason Chaffetz, R-Utah, chairman of the House Committee on Oversight and Government Reform, on Wednesday tells OPM Director Katherine Archuleta: “I think it’s time for you to go.” (Matthew J. Connor)

For Archuleta, Wednesday marked her second appearance before the committee in as many weeks. Some members, including Chaffetz, called for her resignation last week. Those calls rang louder Wednesday.

“I’m not hearing leadership here,” Rep. Barbara Comstock, R-Va., said. “When Target … when they had this problem, it wasn’t just their CIO that lost their job, it was their CEO.”

If Archuleta resigns or steps down, she would join Julia Pierson and Kathleen Sebelius as two women leading prominent agencies to be ousted since April 2014.

Archuleta told the committee she is “more committed than ever” to leading OPM.

Archuleta spent Tuesday testifying before a Senate committee. Sen. John Boozman, R-Ark., chairman of the Senate Appropriations Committee, said the OPM lacks clear lines of accountability. Other members asked why OPM had not fully encrypted its employees’ information.

Archuleta played offense.

“These attacks will not stop. If anything, they will grow,” Archuleta said Tuesday. “Indeed, in this case, encryption wouldn’t have prevented the breach.”

Rep. Will Hurd, R-Texas, questions OPM Director Katherine Archuleta during a House committee hearing Wednesday. Hurd last week called the hack a sign that “America is under constant attack.” (Matthew J. Connor)
Rep. Will Hurd, R-Texas, questions OPM Director Katherine Archuleta during a House committee hearing Wednesday. Hurd last week called the hack a sign that “America is under constant attack.” (Matthew J. Connor)

The OPM data breach adds to a growing concern over cybersecurity. In 2014 alone, prominent data breaches on U.S. soil included the U.S. Postal Service, Staples, Home Depot and Sony. The Target hack that Comstock mentioned happened in 2013.

The questions from Chaffetz to Archuleta that up to about 32 million personnel records may have been hacked applied heat to the OPM director.

Though the federal government does not have nearly 32 million employees, former, retired and prospective employees’ information may have been lifted during the data breach. In addition, relatives of current, former, retired and prospective employees who filled out Standard Form-86 – used to gain security clearances for some positions – may have had their information stolen.

“It’s easy to make a scapegoat out of someone or something,” Rep. Gerald E. Connolly, D-Va., said. “But what we’re facing is a much bigger threat than a management snafu. To pretend somehow this is Ms. Archuleta’s fault is to really miss the big picture and, frankly, a disservice to our country.”

Connolly said the U.S. is now engaged in a “low-level, but intense, new kind of cold war.”

“People have been warning about the risk of a cyber Pearl Harbor,” Rep. Ron DeSantis, R-Fla., said. “Does this qualify as a cyber Pearl Harbor?”

Ann Barron-DiCamillo, director of computer emergencies at the Department of Homeland Security, shied away from applying such a label to the OPM data breach.

Nevertheless, Rep. Carolyn Maloney, D-N.Y., has described the cyber attack as “far more serious” than 9/11.

Another question that neither Archuleta nor OPM CIO Donna K. Seymour could answer is whether any foreign nationals are contractors to OPM – a situation that might give them access to the system.

Toward the end of the hearing, Chaffetz took verbal aim at Archuleta.

“I think you’re part of the problem,” Chaffetz said. “If we want different results, we are going to have to have different people. We got a crisis.”

This story is courtesy the Scripps Howard Foundation Wire. Like the SHFWire interns on Facebook and follow them on Twitter