Page 16 - GS150701
News
number. The Commission provides an exemption for the first call to a reassigned number, giving the company the opportunity to remove the number from its active subscriber database. Subsequent calls to the reassigned number, in the event that the new subscriber has not consented to receive marketing calls, could result in fines and penalties.

Strong response to massive breach of federal workers' PII

The United States Office of Personnel Management confirmed on June 4, 2015, that a cybersecurity attack may have impacted as many as 4 million current and former government workers. This new data security breach follows the recent intrusion of a consumer-facing web portal hosted by the Internal Revenue Service disclosed May 26 and the breach of an unclassified network at The White House reported in October 2014.

The recent OPM incident occurred during a window of vulnerability before the agency's network was reinforced with new security tools and capabilities, authorities said. Recently installed threat detection tools and capabilities led to the discovery in April 2015 of an intrusion that had been operating undetected for an unknown period.

"OPM has partnered with the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) to determine the full impact to federal personnel," the OPM stated, reiterating its continuous efforts to protect sensitive data by improving security best practices and information technology (IT) infrastructure monitoring.

In the wake of the data breach, the OPM beefed up network security alerts and restricted access to its networks by remote IT personnel. IT administrators are also reviewing ports and connections and deploying anti-malware across the enterprise to further protect the network.

Another remediation drill

OPM Director Katherine Archuleta said the OPM will honor its responsibility to secure the information stored in its systems and take additional measures to secure its network. "Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM," she said.

The OPM stated its plans to notify the approximately 4 million individuals whose personally identifiable information (PII) may have been compromised. It vowed to continue notifying personnel throughout the investigation should additional PII exposures occur. The OPM will provide 18 months of free credit reporting, credit monitoring, and up to $1 million dollars in identity theft and recovery insurance services to all potentially affected individuals.

The OPM advised all personnel to "monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions." Employees are encouraged to make use of public resources such as AnnualCreditReport.com and the Federal Trade Commission's identity theft website, www.identitytheft.gov. They can also contact TransUnion LLC to request that a fraud alert be placed on their files, which instructs prospective creditors to contact consumers before opening or activating new accounts.

The agency also advised federal personnel and private citizens to be suspicious of unsolicited phone and email communications from unknown individuals claiming to represent legitimate organizations. It also suggested the following resources for further guidance: Protecting Your Privacy, www.us-cert.gov/ncas/tips/ST04-013; the Anti-Phishing Working Group www.antiphishing.org; Understanding Firewalls, www.us-cert.gov/ncas/tips/ST04-004; Understanding Anti-Virus Software, www.us-cert.gov/ncas/tips/ST04-005; Reducing Spam, www.us-cert.gov/ncas/tips/ST04-007; and the FBI's Internet Crime Complaint Center at www.ic3.gov.

Immunize against future attacks

At the June 2015 Exponential Finance conference, Marc Goodman, global security advisor and author of Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, observed similarities between cyber security and public health best practices and recommended that the security community borrow a page from the Center for Disease Control playbook.

"I'd like to see the security community adopt a more epidemiological approach to cyber security, by immunizing the public against widespread computer viruses and cyber attacks," he said, referring to the scientific study of cause and effect of infectious diseases used to create public policy by identifying risks and establishing guidelines for preventive healthcare.

Goodman cited a 1999 study by the CDC that identified automotive safety as the most significant accomplishment of the 20th century, an achievement tied to the publication in 1965 of Ralph Nader's book, Unsafe at Any Speed. About the book, Goodman said, "3.5 thousand people were killed per day worldwide until that book was published, which led to seatbelts, air bags and a range of other improved industry standards."

Editor's note: For additional news stories, please see Breaking Industry News on our home page, www.greensheet.com.