US govt HR office suspends system after finding new flaw

By

Authorities now think 10 million affected in data breach.

The US Office of Personnel Management (OPM) said it would temporarily suspend a system it uses to complete background investigations following a data breach that compromised the personal information of millions of Americans.

US govt HR office suspends system after finding new flaw

The program, called electronic questionnaires for investigations processing (e-QIP), was not involved in either of two attacks by suspected Chinese hackers on personnel data and applications for security clearances revealed earlier this month, OPM said.

But a security review ordered into the data breach by Director Katherine Archuleta found a vulnerability in the e-QIP system.

The system will be taken offline for 4-6 weeks until security can be enhanced.

In a statement, the agency said there was no evidence the vulnerability had been exploited.

However, some agencies are considering switching to a more old-school process of submitting data on paper, according to sources familiar with the issue who were not authorised to speak publicly about it.

The breach has fuelled doubts about the centralised electronic system set up to process security clearances after the Sept. 11, 2001 hijacking attacks, and could prompt some intelligence agencies and others to switch back to their own applications, the sources said.

e-QIP is designed to collect massive amounts of personal data, ranging from financial histories to family information, on those undergoing federal background checks.

One Senate aide, who was not authorised to speak publicly, said the move could pressure the US government to continue reducing the number of overall clearances issued.

The announcement follows widespread doubts among lawmakers about Archuleta's ability to lead OPM following the announcement earlier this month of the sweeping breaches.

Archuleta has so far refused to answer where the attacks originated or how many people were affected, leading many in Congress to call for her resignation.

The massive data breach is now believed to have affected well over 10 million separate users, the sources said. The Federal Bureau of Investigation has said up to 18 million could have been affected.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?