U.S. personnel management hack preventable, congressional probe finds
Dustin Volz reports:
The U.S. Office of Personnel Management (OPM) did not follow rudimentary cyber security recommendations that could have mitigated or even prevented major attacks that compromised sensitive data belonging to more than 22 million people, a congressional investigation being released on Wednesday has found.
Two breaches at the federal agency detected in 2014 and 2015 were made worse by lax security culture and ineffective leadership, which failed to harness available tools that could have stopped or limited the intrusions, according to the report from the Republicans on the U.S. House of Representatives’ Committee on Oversight and Government Reform, a copy of which was seen by Reuters.
Read more on Reuters, keeping in mind that this was not a panel of our most respected security experts but a politically charged process. Not surprisingly, the Democrats did not concur with the Republicans. As Volz reports:
Representative Elijah Cummings, the top Democrat on the oversight panel, rejected the report’s findings in a memo to other Democrats. He claimed the report had factual deficiencies and did not account for mistakes made by federal contractors.
Infosecurity is hard enough without politicians who can’t even manage to fund urgently needed public health initiatives trying to score political points after a data breach.
All that said, do read Brian Krebs’ coverage of the report, as he pulls out the kind of findings that you may find interesting about what went amiss.