Another background investigation firm is the victim of cyber attack, putting more personal data of federal employees and contractors at risk. KeyPoint Government Solutions suffered a breach of its systems, according to the Washington Post report. The Office of Personnel Management didn’t offer details of the breach but they did say they were notifying 48,439 federal workers that their personal information may have been stolen.
Once the largest provider of security clearance background investigations, USIS acknowledged a cyber breach August 7. September 30 OPM announced it was cancelling its contracts with USIS and diverted work to other contracting firms including KeyPoint. The cyber breach was the final straw in a series of federal government criticisms of USIS, including allegations of falsified reports and a Department of Justice complaint.
Business as Usual
In contrast, OPM has already come out in support of KeyPoint. In an internal email obtained by the Washington Post, OPM’s chief information officer said “following the discovery of the problem, KeyPoint implemented numerous controls to strengthen the security of its network. The immediacy with which KeyPoint was able to remediate vulnerabilities has allowed us to continue to conduct business with the company without interruption.”
OPM said it would be offering credit monitoring to affected employees. The larger issue remains who might be behind the attack. In the case of the USIS breach, government leadership speculated it was the work of China – which means motivations are more political than financial. Security clearance holders should remain leery of any unexpected solicitations for personal information or credentials. Obtaining the personal information of clearance holders is just a first step in likely attempts to data mine for any government secrets those clearance holders might have.