MFOHome About Commentary Discussions Funds The Best Resources Support Us!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

OPM Hack May Have Affected 32 Million Government Employees

Comments

  • JohnChisum
    I think it's safe to say that if your were in the military or worked for the govt or applied to work there, you are affected.
  • TedTed
    @MFO Members: 4 million, 6 million, 10 milliom, 25 million, 32 million, who cares, their Government Employees ? These are the folks who mistreat, the taxpayers when they go for help at the VA, SS, PO, IRS, and so forth. !
    Regards,
    Ted
  • JohnChisum
    Ted, you and I are included being ex-military.
  • TedTed
    @John Chisum: Military records, past and present, were not involved !
    Regards,
    Ted
  • CrashCrash
    OPM hacks WITHIN the department? Scum filth spooge holes.
  • Old_JoeOld_Joe
    "OPM hacks WITHIN the department?"

    @Crash- Where did you see that allegation?
  • AnnaAnna
    edited July 2015
    Well, I'm still in limbo with this. Other recent retirees seem to be getting the letter from OPM. Others, like me, are wondering about the ambiguous state of "didn't get a letter" since we aren't sure exactly where (snail or email) it might come from or which record of our address or email they might use. For example, I moved from MD to WA and last year my .mil address was retired with their software upgrade so no more .mil forwards. So we feel like people whose critical warning got lost in the mail or eaten by the mail server's spam filter even if their wasn't one. At this point everyone needs to be contacted and told they were or were not affected. On the other hand it seems inevitable that everyone with data anywhere will eventually have their data up for sale in dark recesses of the global underground. Nothing can really be done about it except to expect to be lucky because you are uninteresting in those data bases. So don't worry; be happy? Color me the color of limbo.

    No, Ted these are probably the bureaucrats and managers, not customer service level personnel. I too am waiting for Crash to tell me about OPM-Snowden.
  • CrashCrash
    The very start of the article in the link: "The hacks at the Office of Personnel Management..."
    ...Then again, I might have just taken it wrong, due to the sloppy way it was expressed. Proper, specific, accurate English can't be found anywhere, anymore.
  • Old_JoeOld_Joe
    Yes, should have read "The hacks on the Office of Personnel Management..."

    Agree with you re proper, specific, accurate English. Probably unavoidable "collateral damage" from twits, tweets and twats on the internet
  • CrashCrash
    @Old_Joe, gotta love your reply. And your outlook, generally.:)
  • heezsafe
    This article has quite a bit more detail. Unfortunately, it's pretty bad.
    http://arstechnica.com/security/2015/06/encryption-would-not-have-helped-at-opm-says-dhs-official/
    But some of the security issues at OPM fall on Congress' shoulders—the breaches of contractors in particular. Until recently, federal agents carried out background investigations for OPM. Then Congress cut the budget for investigations, and they were outsourced to USIS, which, as one person familiar with OPM's investigation process told Ars, was essentially a company made up of "some OPM people who quit the agency and started up USIS on a shoestring." When USIS was breached and most of its data (if not all of it) was stolen, the company lost its government contracts and was replaced by KeyPoint—"a bunch of people on an even thinner shoestring. Now if you get investigated, it's by a person with a personal Gmail account because the company that does the investigation literally has no IT infrastructure. And this Gmail account is not one of those where a company contracts with Google for business services. It is a personal Gmail account."

    Some of the contractors that have helped OPM with managing internal data have had security issues of their own—including potentially giving foreign governments direct access to data long before the recent reported breaches. A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports. I know that because I challenged them personally and revoked their privileges. From my perspective, OPM compromised this information more than three years ago and my take on the current breach is 'so what's new?'"
    Kinda takes the breath away. Some of the legacy systems were written in .... COBOL!

    @Ted @Old_Joe The Department of Veterans' Affairs national telehealth program system was extensively breached in December of 2014.
  • catch22catch22
    edited July 2015
    Alright to be ex-CIA then, eh? No "real or accurate" records exist for that retiree. :)
    Whew! , with a sigh of relief. Hack away.....
Sign In or Register to comment.