Fallout from the cyberattack on the US Office of Personnel Management is already starting: Federal background checks have been shut down for six to eight weeks as a “proactive” security measure. New employees and contractors will be left in clearance limbo as OPM cleans up its system.

The shutdown happened after OPM conducted an internal review that showed a vulnerability in its background check system, E-QIP, though the office explained that it hadn’t found evidence that hackers had actually exploited the flaw.

The actions OPM has taken are not the direct result of malicious activity on this network, and there is no evidence that the vulnerability in question has been exploited. Rather, OPM is taking this step proactively, as a result of its comprehensive security assessment, to ensure the ongoing security of its network.

It’s good that OPM is finally taking proactive security measures (though way overdue!), but there’s potentially much worse fallout from this hack than a temporarily halted background checking system. Since the hack exposed at least 4.2 million former and current federal employees’ personal data, including extensive security clearance dossiers, it leaves many public sector workers vulnerable to blackmail and identity theft.

[OPM via ABC News]


Contact the author at kate.knibbs@gizmodo.com.