Early in the month, the Office of Personnel Management reported that the personal data of 4 million current and former federal employees had been compromised by a hack which other officials attributed to China. By the number of workers impacted, the breach was the worst in U.S. history, exceeding the 3.5 million current and former employees placed at risk in 2011 by a massive breach at the Texas Comptroller's office. As the month progressed, news relating to OPM worsened dramatically, with revelations of a second hack, this time of a database of highly sensitive background investigation information gathered from up to 14 million employees, contractors and applicants who had sought national security clearances. The potential for blackmail and manipulation of those whose information was exposed is a significant blow to national security, prompting some members of Congress to label it a digital Pearl Harbor. Considering the battering OPM administrators and contractors deservedly received during Congressional hearings, it seems very likely that a new leadership team will soon be required at the agency.
If insiders and hackers can overcome the cyber defenses of the State Department, NSA and OPM to gain access to their crown jewels, how secure is any information available via the Internet? Some would argue that the private sector can protect data they control better than the government, but we may be only one news cycle away from disproving this contention. In any event, June has certainly been a sobering month for anyone concerned about safeguarding employee information.