The damage to government’s credibility far outweighed the breach’s impact on security, officials said.
The greatest damage caused by the massive Office of Personnel Management data breach wasn’t the loss of the documents themselves—it was the damage to the U.S. government’s reputation, current and former officials said Monday.
“It’s a big deal in the sense that we need to renew the faith of the American public that we can protect that information,” said Charles Phalen, director of the National Background Investigations Bureau, the successor agency to OPM’s background check service the Obama administration stood up after the breach.
“It’s less of a big deal holistically in terms of danger to people,” Phalen said during a panel discussion hosted by the Intelligence National Security Alliance.
That assessment was seconded by former CIA Director of Security Mary Rose McCaffrey.
“It’s all about the credibility,” she said.
Phalen is confident the government is now protecting the background check information it holds “as well as possibly can be,” he said.
That does little convince the American public to trust the government with sensitive information, Phalen said. Earning back that confidence will simply be a matter of time, he added.
Nearly 75 percent of Americans doubt government’s ability to keep their information private and secure, according to a survey released Monday by the consulting firm Accenture.
The OPM breach compromised sensitive security clearance information from about 21.5 million current and former federal employees and their families. The Chinese government is widely believed to be responsible for the breach, though the intelligence community has not released an official attribution.
The Chinese goal may have been to find compromising information its intelligence agencies could use to lure or blackmail well-placed federal employees. A top government priority, Phalen said, is to train employees who might be targets of those approaches to recognize their telltale signs.
There’s no firm evidence information compromised by the OPM breach has been used by criminals to steal victims’ identities or to create phony bank and credit accounts.
The OPM breach did not have a significant impact on the government’s security clearance backlog, Phalen said. That backlog was largely driven by the 2014 canceling of a clearance vetting contract with the company USIS after the contractor suffered its own data breach.
Clearances were only delayed for about six weeks by the OPM breach, Phalen said.