The US Office of Personnel Management is beginning to reach out to victims of last week’s extensive and unprecedented hack of its records.
According to documents seen by TechCrunch, the OPM is partnering with the Department of Homeland Security’s US Computer Emergency Readiness Team (US-CERT) to identify the extent of the damage done by the hackers.
The government is also providing credit protection services to employees affected by the breach.
“I think they’re completely struggling here,” says one former employee of one of the government’s intelligence agencies. “The government doesn’t know what the hell was taken.”
As the Washington Post is reporting, the government is offering 18 months credit monitoring and fraud protection services, but the danger to current and former government employees could last years longer.
Moreover, the leak has further underlined one of the major weaknesses with the government’s technology infrastructure, which is the apparent lack of auditing and data management software that would enable agencies like the Office of Personnel Management to understand the scope of the security failure.
It’s a problem that has persisted since Chelsea Manning leaked documents to Wikileaks, through the continuing revelations coming from Edward Snowden. The government simply doesn’t have a handle on who, and how, people are accessing information on its networks.
“We were broken into and we thought it was useless employment data and we are slowly discovering what it was that they stole,” says the former intelligence employee. “They are slowly figuring it out much like they have in the past.”