The Associated Press reports: An Office of Personnel Management investigative official said Tuesday the agency entrusted with millions of personnel records has a history of failing to meet basic computer network security requirements.
Michael Esser, assistant inspector general for audit, said in testimony prepared for delivery that for years many of the people running the agency’s information technology had no IT background. He also said the agency had not disciplined any employees for the agency’s failure to pass numerous cyber security audits.
Esser and others were testifying Tuesday to the House Oversight and Government Reform Committee about the cyber-theft of private information on millions of former and current federal employees, as well as U.S. security clearance holders, by hackers linked to China.
Officials fear that China will seek to gain leverage over Americans with access to secrets by pressuring their overseas relatives, particularly if they happen to be living in China or another authoritarian country. Over the last decade, U.S. intelligence agencies have sought to hire more people of Asian and Middle Eastern descent, some of whom have relatives living overseas. The compromise of their personal data is likely to place additional burdens on employees who already face onerous security scrutiny.
China denies involvement in the cyberattack that is being called the most damaging U.S. national security loss in more than a decade.
The potential for new avenues of espionage against the U.S. is among the most obvious repercussions of the pair of data breaches by hackers who are believed to have stolen personnel data on millions of current and former federal employees and contractors. [Continue reading…]