US govt HR office suspends system after finding new flaw

The US Office of Personnel Management (OPM) said it would temporarily suspend a system it uses to complete background investigations following a data breach that compromised the personal information of millions of Americans.

The program, called electronic questionnaires for investigations processing (e-QIP), was not involved in either of two attacks by suspected Chinese hackers on personnel data and applications for security clearances revealed earlier this month, OPM said.

But a security review ordered into the data breach by Director Katherine Archuleta found a vulnerability in the e-QIP system.

The system will be taken offline for 4-6 weeks until security can be enhanced.

In a statement, the agency said there was no evidence the vulnerability had been exploited.

However, some agencies are considering switching to a more old-school process of submitting data on paper, according to sources familiar with the issue who were not authorised to speak publicly about it.

The breach has fuelled doubts about the centralised electronic system set up to process security clearances after the Sept. 11, 2001 hijacking attacks, and could prompt some intelligence agencies and others to switch back to their own applications, the sources said.

e-QIP is designed to collect massive amounts of personal data, ranging from financial histories to family information, on those undergoing federal background checks.

One Senate aide, who was not authorised to speak publicly, said the move could pressure the US government to continue reducing the number of overall clearances issued.

The announcement follows widespread doubts among lawmakers about Archuleta's ability to lead OPM following the announcement earlier this month of the sweeping breaches.

Archuleta has so far refused to answer where the attacks originated or how many people were affected, leading many in Congress to call for her resignation.

The massive data breach is now believed to have affected well over 10 million separate users, the sources said. The Federal Bureau of Investigation has said up to 18 million could have been affected.