BLOG purpose

This BLOG is for LLNL present and past employees, friends of LLNL and anyone impacted by the privatization of the Lab to express their opinions and expose the waste, wrongdoing and any kind of injustice against employees and taxpayers by LLNS/DOE/NNSA. The opinions stated are personal opinions. Therefore, The BLOG author may or may not agree with them before making the decision to post them. Comments not conforming to BLOG rules are deleted. Blog author serves as a moderator. For new topics or suggestions, email

Thursday, November 5, 2015

Three-quarters of U.S. OPM hack victims still in dark

Your highly dysfunctional federal government at its very worst as shown below. And to think, this massive hack involved all your clearance data and your biometric data, too. And the data for your relatives. Nothing but silence from the OPM, though, with no help for those who have been compromised. Imagine if some business was hacked and responded this slowly to the compromised data of their customers.

*** Three-quarters of U.S. OPM hack victims still in dark - Reuters, Nov 3rd, 2015 ***

WASHINGTON (Reuters) - Fewer than a quarter of 21 million federal workers hit by a major computer hack have been officially told that their personal information was compromised, six months after the breach was detected, a U.S. government official said on Tuesday.

About 5 million notifications about the hack have been sent out so far, a spokesperson for the U.S. Office of Personnel Management (OPM) told Reuters in an email.

The slowness of the notification process underscores Washington's struggles in dealing with its computer vulnerabilities, a growing problem that the Obama administration has been trying to address.

After it fell victim to two successive cyber attacks, both begun in 2014 and revealed earlier this year, OPM was roundly criticized by lawmakers for its response.

OPM had no immediate additional comment on the matter on Tuesday, or on its expected notification timetable ahead.


Evil Echo said...

This administration has moved at breakneck speed to enact regulations via executive order on subjects near and dear to the president. But the security of employee data clearly does not matter to him so even the most basic of tasks like notification have failed to have be done.

Hopefully, the electorate will have learned that no matter the pretty message, we are never in need of a dictator that rules by personal fiat. The traditional system of checks and balances is cumbersome, but it protects us from abuses like this OPM mess.

Anonymous said...

You can contact OPM by phone and find out if you are a hacking victim, you don't have to wait for them to contact you.

Evil Echo said...

Yes I could. No I don't. No I should not have to.

The law specifies the protocol that is supposed to be followed. OPM is clearly dragging it's feet on this matter.

Anonymous said...

If you think there is anything you would do differently if you knew you had been affected, then logic would suggest you should do everything you can to find out without waiting for OPM. If you think there is nothing you could or should be doing differently then your attitude makes a kind of sense, I guess.

Anonymous said...

What should be happening is the same thing that happens when any major US business gets hacked:

(A) The company immediately informs those affected by mailing them a letter detailing what was compromised

(B) The company then arranges for the customers to get a free ID protection security service for a year or two

Target did this with their hack last year, T-Mobile did this with their recent hack, etc. What has our federal government done after almost a year of knowing about this massive hack of IDs, confidential medical info and biometric info? Absolutely nothing. That is inexcusable.

Evil Echo said...

Exactly as 9:38 said.

Some years back there was a breach at the Veterans Administration. I was notified by mail very shortly afterwards.

Why can't OPM behave the same way? I'd like to think they were not ordered to drag their feet, but what evidence is there to the contrary?

CF said...

OPM isn't better or worse at handling personal data than universities or companies. They all basically treat your data like your safety; they'll make some effort to protect you (and then spend twice as much energy convincing everyone how much they protect you), but in the end nobody cares but you.

The obvious difference is that since the personal data that OPM has is a tiny bit more valuable than that housed by most companies and universities, it not only attracts online bank thieves, but also ID thieves, terrorists, and oh yeah, ENTIRE FREAKING SOVEREIGN NATIONS who would LOVE to know anything that OPM has on you.

"(B) The company then arranges for the customers to get a free ID protection security service for a year or two"

You mean those worthless services that every breached .com .gov .edu buys in bulk for a pittance? As usual, it's mostly just feel-good back patting and publicity. At least it instills a false sense of security...

Evil Echo said...

11:55 hit the nail on the head. Absolutely true.

But even if a bad joke, the response is not there from OPM.

After spending an entire career implementing regulations detailing safeguarding information it irks me greatly to see someone else not only acting recklessly with sensitive data, but not facing any corrective action after one or more major infractions.

Anonymous said...

4:40 PM is irked (and justifiably so) that no one is facing corrective action at OPM. Well the head of OPM did resign so maybe the administration figures that's enough. If you had the chance to see her testimony at the congressional hearing it made you cringe knowing that such incompetence was running the organization.

Evil Echo said...

Incompetence hires more incompetence. The person(s) that oversee OPM should also be punished. And a review of security procedures done immediately to secure those servers so that further incidents do not occur.

Anonymous said...

Two people I know have been forwarded OPM letters from their parents' addresses. OPM is apparently using the information from when they FIRST applied for a clearance, even though it was ~20 years ago and they've filed multiple rounds of paperwork since.

Evil Echo said...

Wait... the folks overseeing my security clearance, the ones who would reject a form if it had pencil marks on it, can't look up my current address?!!!


CF said...

7:37's experience is not uncommon.

Evil Echo is right to be frustrated. How exactly does OPM lack the ability to to find people (who have given them comprehensive life histories and unprecedented personal access) to tell them directly that their data was stolen during a breech that may have had state ties?

Clearly we need to step up electronic domestic surveillance to prevent such problems in the future .

Anonymous said...

Shouldn't be too long before everyone with a high level clearance is required to be "chipped" just to keep their job.

Cleared federal workers will be the first large group to undergo continuous tracking by our government.

Evil Echo said...

Given the inability to maintain what resources are currently allocated to them, how could I begin to trust the US government with chip implants?

Chips represent the ultimate loss of privacy. I'm sorry, but that is a bridge too far for me.


Submit candidates for new topics here only. Stay on topic with National Labs' related issues. All submissions are screened first for ...