16:46 GMT +314 October 2019
Listen Live
    According to media reports, US investigators believe Chinese hackers were responsible the security breach.

    Hacked US Agency Had Long History of Slack Security

    © Flickr / Andrew Catellier
    US
    Get short URL
    0 54
    Subscribe

    The US Office of Personnel Management (OPM) had a history of security failures before a data breach compromised millions of US federal workers’ personal data, according to the Assistant Inspector General for Audits Michael Esser said in US congressional testimony on Tuesday.

    WASHINGTON (Sputnik) – The US Office of Personnel Management (OPM) had history of security requirement failures before a data breach compromised millions of US federal workers’ personal data, the Assistant Inspector General for Audits Michael Esser said in US congressional testimony on Tuesday.

    "Many security controls went unimplemented and or remained untested, and OPM routinely failed a variety of FISMA [Federal Information Security Management Act] metrics year after year,” Esser said in a statement to the US House Committee on Oversight and Government Reform.

    The inspector general added a decentralized governance structure led to “material weakness” in security at OPM.

    Earlier this month, the OPM announced that a cybersecurity breach in April 2015 compromised the personal data of up to four million current and former federal employees.

    Esser said that an audit of OPM revealed the agency did not have a centralized inventory of its servers and databases within its networks.

    In 2014, he said, 21 of OPM’s information systems were due for a security assessment and authorization procedure, but had not been completed and proceeded to operate “without a valid authorization.”

    Esser said the failure “represents a systemic issue of inadequate planning by OPM program offices to assess and authorize the information systems.”

    According to media reports, US investigators believe Chinese hackers were responsible the security breach. China has denied the allegations.

    The administration of US President Barack Obama has so far avoided blaming China for the attack.

    OPM serves as the US government’s human resource department. Among its responsibilities is managing US federal pension benefits and conducting background investigations for security clearances.

    Related:

    Human Rights Groups Say New EU Law Destroys Data Protection
    EU States Agree on General Approach for Regulating Data Protection
    China Demands Evidence After US Accuses Beijing of Hacking Federal Database
    US Spy Agency Sources Say Freedom Act Will Not Stop Mass Data Program
    Tags:
    FISMA, spy scandal, data breach, US Office of Personnel Management (OPM), China, United States
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik