Here’s proof that the government blind-bumbles its way through tech problems like some hydra-headed bureaucratic Mr. Magoo: The Army thought a legitimate email of warning from another agency was also from hackers—and ended up leaving people affected by the hack in the dark because of its mistake.

After personal data was stolen from millions of federal employees in an enormous breach of the Office of Personnel Management, the Army sent out an email warning people that hackers were trying to attack them again, this time by using a phishing email to collect even more personal information. Except the “phishing email” in question was actually an official email from an OPM contractor, telling people they were affected by the data breach and offering credit monitoring services to help them avoid fraudulent charges.

Advertisement

As The Intercept’s Jana Winters reports, this ended up hurting the OPM hack targets, because the Army’s investigation into the “phishing email” meant people got notified late:

Army and Air Force investigations of the “phishing scam” delayed by several days both victim notification and credit monitoring benefits to Defense Department personnel whose private information had fallen prey to OPM hackers. The emails notifying victims notifications and linking to about the monitoring only went through after spam filters were reset.

This is almost comical, except real people—who are already vulnerable because the government can’t maintain decent operational security—are now doubly screwed because the government also can’t figure out how to communicate between agencies.

Advertisement

[The Intercept]

Photo via AP

Advertisement


Contact the author at kate.knibbs@gizmodo.com.
Public PGP key
PGP fingerprint: FF8F 0D7A AB19 6D71 C967 9576 8C12 9478 EE07 10C