OMP Director Katherine Archuleta resigned last week in the wake of the loss of millions of personnel records.
Here’s the latest tally of lost records according to the Washington Post:
Of those whose data was in the OPM background-check system, 19.7 million had applied for a security clearance. An additional 1.8 million were spouses, family members and other non-applicants, officials said.
Also exposed were 1.1 million sets of fingerprints, detailed financial and health records, and computer usernames and passwords that applicants used to fill out their security-clearance forms online.
Meeting with reporters last Thursday, FBI Director Comey said,
It is a very big deal from a national security perspective and from a counterintelligence perspective. It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government.
No one is saying how the hack was pulled off. In a speech last week, Jeh Johnson, Secretary of Homeland Security, observed,
What amazes me when I look into a lot of intrusions, including some really big ones by multiple different types of actors, it often starts with the most basic active spear-phishing where somebody is allowed in the gate and penetrates a network simply because an employee clicked on something he or she shouldn’t have.
How do you keep people from clicking on something he or she shouldn’t have? That is where SP Guard from Iconix comes into help defend against spearphishing by providing employees with visual trust indicators, helping them tell real emails from clever attacks.