In May 2015, the federal government suffered a massive data breach, a hack that exposed the names and Social Security numbers of more than 21-million people.
In a press release, the Office of Personal Management (OPM) reported that as a result of its “aggressive effort to upgrade the agency’s cybersecurity posture,” the agency discovered the massive theft of background records, reportedly originating in China, including “identification details such as Social Security numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal, and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints. User names and passwords that background-investigation applicants used to fill out their background-investigation forms were also stolen.”
This was a new breach – not the same looting of 4.2-million records that the agency discovered in April of this year.
The news didn’t stop OPM Director Katherine Archuleta, appointed to the post in 2013, from congratulating herself for the agency’s great strides in security. It was her “comprehensive IT strategic plan” that led to the knowledge that these incidents had happened.
But Archuleta lasted about one day after praising herself for noticing the theft, and the latest news is that the fingerprints of 5.6-million people were also grabbed in the mega-hacking of OPM’s “cybersecurity posture.”
OPM assures us that “federal experts believe that, as of now, the ability to misuse fingerprint data is limited.” As of right now ... this second ... as we hit the press ... you probably have nothing to worry about if your fingerprints got stolen from OPM’s data banks. Hurrah.
Even Archuleta would probably concede that discovering a robbery is not quite as good as preventing it. But let’s go so far as to say that the nature of bureaucracy itself is more to blame than Archuleta is for having failed to fix how her agency functions.
Of course, governments are not the only organizations vulnerable to being cyber-attacked because of lax security. Other victims in recent years have included Target, Chase, and Sony.
But it’s the decades-old privacy-invading policies of the federal government that have routinely converted all such breaches of personal data into potentially limitless disasters for the victims.