The Office of Personnel Management continues to repair the damage after two separate data security breaches this spring. Recently announced changes move the process along, but it is far from over.
Federal News Radio reported OPM acting Director Beth Cobert announced Nov. 10 the agency was developing an on-line system allowing people to determine if their records were a part of the cyber intrusion. Working with the Department of Defense, the agency hopes to have this “verification center” operational by the end of November. According to Cobert, “Given the sensitivity of the population, given the data that was affected in the breach, we’ve got a set of procedures that allow people to self identify, but also do it in a way that’s secure.”
Notification letters continue to be mailed to those OPM has identified as “at risk” from the largest of the two data thefts, discovered in June, out of roughly 5 million background investigation records. According to the latest data released, 1.3 million letters remain to be sent.
Currently, the Office of Personnel Management has a Cybersecurity Resource Center on-line. The verification center does not yet appear to have been implemented, but the site provides information about the two data breaches including notification of those affected and resources offered to them.
OPM has also taken steps to acquire technical expertise in the area of cyber security. Along with approving 1,000 new positions for Homeland Security, it is asking civilian agencies to identify their top five gaps in cyber security as part of a new cybersecurity strategy and implementation plan.
Acting Director Cobert recently announced the appointment of a new senior cyber and information technology advisor for OPM. Clifton Triplett comes to the agency from the private sector. AWest Point graduate, Triplett served in the military for a decade before working civilian positions in a number of Fortune 200 companies. Triplett will work with the OPM CIO to “support the ongoing response to the recent incidents, complete development of OPM’s plan to mitigate future incidents, and recommend further improvements to best secure OPM’s IT architecture.”
About five percent of those receiving notification letters are taking advantage of identity theft protection services OPM is offering. Those services are explained in the letters, and a PIN is included so that services can be obtained at the on-line Cybersecurity Resource Center. Site users should avoid using public computers such as those in libraries or cyber cafes, and as well as avoid using free public wi-fi access such as that in coffee shops. The user-end of cyber connections must be secure to secure the entire process.