> <i>C, for the Central Verification System (CVS), ... contains ... Personal Identification Verification (PIV) credentials ... and polygraph data</i><p>Good lord.<p>Yet, somehow, someone might still present the solution as needing to spend more money sooner: <i>It was only when OPM was assessing systems to actually implement the sort of continuous monitoring tools ... that OPM security officers discovered traffic outbound from the network</i>. If only they'd demo'd the software a year ago, right? /s<p>Is anyone getting fired? Why should anyone lift a finger during this 30-day sprint? And what happens on Day 31?
<i>"Among the things the inspector general found that could have helped hackers was that nearly a quarter of the agency's systems did not have valid authorization procedures," she said. "The reason that's important is because one of the departments that didn't have the correct procedures was the Federal Investigative Services. That's the group responsible for background investigations of federal employees. So that data's very sensitive, and as we know now, this is one of the databases that was hacked."</i><p>Let me get this straight. You had really sensitive data, you knew it wasn't secure and huge portions of the systems didn't have valid authorization procedures?<p>This is pretty eye opening, even for a governmental agency. The scary thing is, this is just the tip of the iceberg. It seems this breach was inevitable considering how many other EPIC FAILS are mentioned in the article.
'The $20.8 million "first call" was for 3.2 million "units" of credit monitoring and identity theft recovery services'<p>At seven bucks a piece, this seems very cheap, especially for a rushed government purchase. Any thoughts? Am I missing something?
I feel like the OPM isn't doing enough about this breach. Espionage or not, American citizens outside the IC were affected and deserve to know if they've been compromised. More efforts need to be made to inform potential victims before any more harm comes from this, including greater transparency with regards to what systems have been affected and what the OPM could have done to better secure this data. That, and an apology would be nice.
Would not be surprised if this was related to the US temporarily stopping the issuance of visas.<p><a href="http://travel.state.gov/content/travel/english/news/technological-systems-issue.html" rel="nofollow">http://travel.state.gov/content/travel/english/news/technolo...</a>
Hypothetically, could U.S. persons who were affected by this breach claim any sort of financial reprieve for future lost wages? I'd imagine those affected would not be very desirable or even eligible any more for secure work.