OPM says it detected a cyber intrusion in April.
The Office of Personnel Management is informing 4 million current and former federal employees about a hack attack that could have compromised their personal details.
The malicious activity discovered in April marks the fourth network intrusion of an organization holding sensitive records on personnel with possible access to classified information. OPM, alone, has been attacked by hackers twice during the past year.
About a month after detecting the most recent OPM incident, government officials learned employee personal information had been breached.
A Department of Homeland Security governmentwide intrusion detection and prevention system has been probing OPM systems and the Interior Department's "shared services" data center for a certain type of malware. The Interior data center provides many agencies governmentwide with contracting, financial, and human resources services.
DHS added information about the traits of the malware, or "signatures," to EINSTEIN, the governmentwide network monitoring system. In this incident, EINSTEIN was deployed to "identify the presence of a cybersecurity incident affecting" OPM’s IT systems and Interior's shared services center.
DHS "cyber incident response teams were deployed to identify the scope of the potential intrusion and mitigate any risks identified. Based upon these response activities, DHS concluded at the beginning of May 2015 that OPM data had been compromised," Homeland Security officials said in a statement.
The FBI is investigating how the incident transpired and the motive.
It’s the latest in a string of high-profile cyber breaches to hit government.
Last March, hackers reportedly from China broke into some OPM databases containing information on security-clearances holders.
In December 2014, OPM alerted more than 48,000 employees to a breach at KeyPoint Government Solutions, which conducts background investigations of federal employees seeking security clearances. And in August 2014, USIS, formerly a large provider of background checks, revealed its systems had been breached, potentially exposing information on 25,000 employees. OPM subsequently canceled work with the company.
Unclassified networks at the State Department and the White House were breached sometime last fall. The White House copped to a breach in October. The State Department said a month later its networks had also been infiltrated.
OPM officials say that while enhancing system security safeguards, they detected the cybersecurity incident in April. It is unclear when the hackers actually struck, but OPM officials said "the intrusion predated the adoption of the tougher security controls."
OPM has since added more protections, by among other things, restricting remote access for network administrators and blocking network administration functions remotely. The agency also is deploying "anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network," OPM officials said.
It is unclear if the assailants are still inside the network.
“Protecting our federal employee data from malicious cyberincidents is of the highest priority at OPM,” OPM Director Katherine Archuleta said in a statement early Thursday evening. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”
The FBI and DHS have shared an information bulletin about the attack with the private sector.
OPM says it will send notifications to the affected individuals. "Since the investigation is ongoing, additional PII," or personally identifiable information, "exposures may come to light," OPM officials cautioned.
Affected past and current employees will be offered free 18-month credit monitoring, as well as $1 million worth of identity theft insurance and recovery services through CSID.
(Image via wk1003mike/ Shutterstock.com)